CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-8698

CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.6%

CVSS Severity

CVSS v3 Score 7.1

CVSS v2 Score 3.6

References

http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx
http://www.securityfocus.com/bid/91497
http://www.securitytracker.com/id/1036193
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx
http://www.securityfocus.com/bid/91497
http://www.securitytracker.com/id/1036193

Products affected by CVE-2015-8698

Broadcom » Release Automation » Version: 5.0.2

cpe:2.3:a:broadcom:release_automation:5.0.2
Broadcom » Release Automation » Version: 5.5.1

cpe:2.3:a:broadcom:release_automation:5.5.1
Broadcom » Release Automation » Version: 5.5.2

cpe:2.3:a:broadcom:release_automation:5.5.2
Broadcom » Release Automation » Version: 6.1.0

cpe:2.3:a:broadcom:release_automation:6.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-8698

Products

Pricing

Contact Us