CA Technologies Support is alerting customers to multiple potential risks with CA Release Automation. Three vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information or cause a denial of service condition. CA has fixes available. The first vulnerability occurs due to the inclusion of a vulnerable 3rd party component, Open Flash Chart. A remote attacker can conduct cross-site scripting attacks The second vulnerability occurs due to insufficient verification of requests to the web server, which can lead to limited XML external entity attacks. An authenticated attacker in the local network can potentially gain sensitive information or cause a denial of service condition. The third vulnerability occurs due to insufficient verification of requests to the web interface, which leads to multiple reflected cross-site scripting vulnerabilities and one stored cross-site scripting vulnerability.
2ef5f54923997660f51cadb44ff051e243c99d18929f23a00717e9198858f0d9
Revive Adserver versions 3.2.1 and below suffer from improper access controls, cross site request forgery, cross site scripting, local file inclusion, and various other vulnerabilities.
f3c53ca4f0d760cffde26a8a7bbe06712810d8fb32dabf303255604dc56e2372