CVE-2015-8698

EUVD-2015-8575
CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
broadcomrelease_automation
5.0.2 ≤
𝑥
< 5.0.2-227
broadcomrelease_automation
5.5.1 ≤
𝑥
< 5.5.1-1616
broadcomrelease_automation
5.5.2 ≤
𝑥
< 5.5.2-434
broadcomrelease_automation
6.1.0 ≤
𝑥
< 6.1.0-1026
𝑥
= Vulnerable software versions
References
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx
http://www.securityfocus.com/bid/91497
http://www.securitytracker.com/id/1036193
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx
http://www.securityfocus.com/bid/91497
http://www.securitytracker.com/id/1036193