Vulnerabilities > CVE-2018-15691 - Deserialization of Untrusted Data vulnerability in Broadcom Release Automation 6.3/6.4/6.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | CA Release Automation NiMi 6.5 - Remote Command Execution. CVE-2018-15691. Remote exploit for Java platform |
| file | exploits/java/remote/45425.py |
| id | EDB-ID:45425 |
| last seen | 2018-10-07 |
| modified | 2018-09-17 |
| platform | java |
| port | |
| published | 2018-09-17 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/45425/ |
| title | CA Release Automation NiMi 6.5 - Remote Command Execution |
| type | remote |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/149427/caran65-exec.txt |
| id | PACKETSTORM:149427 |
| last seen | 2018-09-19 |
| published | 2018-09-19 |
| reporter | Jakub Palaczynski |
| source | https://packetstormsecurity.com/files/149427/CA-Release-Automation-NiMi-6.5-Remote-Command-Execution.html |
| title | CA Release Automation NiMi 6.5 Remote Command Execution |