Vulnerability Description
Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Release Automation | <= 4.7.1 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2014/Dec/55
- http://securitytracker.com/id?1031375
- http://www.ca.com/us/support/ca-support-online/product-content/recommended-readiVendor Advisory
- http://www.kb.cert.org/vuls/id/343060Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/archive/1/534246/100/0/threaded
- http://seclists.org/fulldisclosure/2014/Dec/55
- http://securitytracker.com/id?1031375
- http://www.ca.com/us/support/ca-support-online/product-content/recommended-readiVendor Advisory
- http://www.kb.cert.org/vuls/id/343060Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/archive/1/534246/100/0/threaded
FAQ
What is CVE-2014-8247?
CVE-2014-8247 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecifi...
How severe is CVE-2014-8247?
CVE-2014-8247 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8247?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Release Automation.