Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8248

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2014-8248
Last Modified 17 Dec 2014 02:40:31
Published 16 Dec 2014 06:59:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-8248

Summary

SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query.

Vulnerable Systems

Application

  • Ca Release Automation 4.7.1


References

CERT-VN - VU#343060

BUGTRAQ - 20141215 CA20141215-01: Security Notice for CA LISA Release Automation

CONFIRM - http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx

SECTRACK - 1031375

FULLDISC - 20141216 CA20141215-01: Security Notice for CA LISA Release Automation


Last Updated: 27 May 2016 11:07:18