Lucene search

[email protected]CVE-2014-6302

HistoryFeb 19, 2015 - 11:59 a.m.

CVE-2014-6302

2015-02-1911:59:02

[email protected]

web.nvd.nist.gov

monitoring

administration

pnmsoft sequence kinetics

7.7

remote attack

arbitrary files

xml

external entity

xxe

security vulnerability

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.3%

JSON

The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

NVD

Node

pnmsoftsequence_kineticsRange≤7.5

CPENameOperatorVersion
pnmsoft:sequence_kineticspnmsoft sequence kineticsle7.5

CPE	Name	Operator	Version
pnmsoft:sequence_kinetics	pnmsoft sequence kinetics	le	7.5

References

licensing.pnmsoft.com/documents/Security%20Bulletins/Security%20Bulletin%202014-1.htm

twitter.com/d_gianni/statuses/562628862648270849/photo/1

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.3%

JSON

Related for CVE-2014-6302

prion1 cvelist1 nvd1