CVE-2014-0644

2014-04-1701:55:00

CWE-200

[email protected]

web.nvd.nist.gov

emc

cloud tiering appliance

cta

xxe

xml

security

vulnerability

nvd

6.9 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.472 Medium

EPSS

Percentile

97.5%

JSON

EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.

CPENameOperatorVersion
emc:cloud_tiering_appliance_softwareemc cloud tiering appliance softwareeq10.0
emc:cloud_tiering_applianceemc cloud tiering applianceeq-