Change Download Preference

Current Preference
Change Preference to:

CA20180829-03: Security Notice for CA Release Automation

Issued: August 29, 2018
Last Updated: August 29, 2018

CA Technologies Support is alerting customers to a potential risk with CA Release Automation.  A vulnerability exists that can allow an attacker to potentially execute arbitrary code. 

The vulnerability, CVE-2018-15691, has a high risk rating and concerns insecure deserialization of a specially crafted serialized object, which can allow an attacker to potentially execute arbitrary code. 

Risk Rating



All supported platforms

Affected Products

CA Release Automation 6.3
CA Release Automation 6.4
CA Release Automation 6.5

Note:  older, unsupported releases may be affected.

Unaffected Products

CA Release Automation 6.6
CA Release Automation or later
CA Release Automation or later
CA Release Automation or later

How to determine if the installation is affected

Check the build number with the Help->About menu option, or determine which fixes are applied by looking at the Fix_Maintenance directory.


CA Technologies published the following solutions to address the vulnerabilities.

CA Release Automation 6.3:
Apply Cumulative Fix build 9945 or later.

CA Release Automation 6.4:
Apply Cumulative Fix build 10119 or later.

CA Release Automation 6.5:
Apply Cumulative Fix build 10080 or later.


CVE-2018-15691 - CA Release Automation deserialization vulnerability


CVE-2018-15691 - Jakub Palaczynski and Maciej Grabiec

Change History

Version 1.0: 2018-08-29 - Initial Release

CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.

Customers who require additional information about this notice may contact CA Technologies Support at

To report a suspected vulnerability in a CA Technologies product, please send a summary to the CA Technologies Product Vulnerability Response Team.

CA Technologies security notices