← back
CVE-2018-15691

CVE-2018-15691

EPSS 16.8%
Vexday Risk Score
28Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 16.8%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
30 Aug 2018Published on NVD
17 Sep 2018Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
Affected products
CA Technologies · Release Automation
public PoCs found2
cve_referencewww.exploit-db.com/exploits/45425/unverifiedexploitdbwww.exploit-db.com/exploits/45425unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-03--security-notice-for-ca-release-automation.htmlhttps://www.exploit-db.com/exploits/45425/http://www.securityfocus.com/bid/105197http://www.securitytracker.com/id/1041591