Lucene search

[email protected]CVE-2014-4669

HistoryJun 28, 2014 - 3:55 p.m.

CVE-2014-4669

2014-06-2815:55:08

CWE-200

[email protected]

web.nvd.nist.gov

enterprise

maps

1.00

xxe

vulnerability

nvd

cve-2014-4669

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.5%

JSON

HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue.

Affected configurations

NVD

Node

hpenterprise_mapsMatch1.00

CPENameOperatorVersion
hp:enterprise_mapshp enterprise mapseq1.00

CPE	Name	Operator	Version
hp:enterprise_maps	hp enterprise maps	eq	1.00

References

packetstormsecurity.com/files/127239/HP-Enterprise-Maps-1.00-Authenticated-XXE-Injection.html

seclists.org/fulldisclosure/2014/Jun/127

www.securityfocus.com/bid/68200

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.5%

JSON

Related for CVE-2014-4669

prion1 cvelist1 nvd1