CVE-2014-8473
CA Cloud Service Management Replay / XXE / Token Verification
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Vulnerabilidad de CSRF en CA Cloud Service Management (CSM) anterior a Summer 2014 permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos.
CA Technologies Support is alerting customers to four resolved vulnerabilities with CA Cloud Service Management. Four vulnerabilities existed that could potentially allow a remote attacker to access user sessions, gain sensitive information, or cause a denial of service condition. CA Technologies fixed these vulnerabilities in all production environments as part of the Cloud Service Management Summer 2014 Upgrade.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-10-24 CVE Reserved
- 2014-11-04 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-04-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/70925 | Vdb Entry | |
| http://www.securitytracker.com/id/1031214 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98536 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ca Search vendor "Ca" | Cloud Service Management Search vendor "Ca" for product "Cloud Service Management" | <= 2014 Search vendor "Ca" for product "Cloud Service Management" and version " <= 2014" | spring |
Affected
| ||||||