Lucene search

[email protected]CVE-2014-9360

HistoryDec 10, 2014 - 3:59 p.m.

CVE-2014-9360

2014-12-1015:59:23

[email protected]

web.nvd.nist.gov

cve

2014

9360

xml

xxe

vulnerability

scalix web access

remote attackers

arbitrary files

intranet servers

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.3%

JSON

XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted request.

Affected configurations

NVD

Node

scalixweb_accessMatch11.4.6.12377

scalixweb_accessMatch12.2.0.14697

CPENameOperatorVersion
scalix:web_accessscalix web accesseq11.4.6.12377
scalix:web_accessscalix web accesseq12.2.0.14697

CPE	Name	Operator	Version
scalix:web_access	scalix web access	eq	11.4.6.12377
scalix:web_access	scalix web access	eq	12.2.0.14697

References

seclists.org/fulldisclosure/2014/Oct/133

www.securityfocus.com/archive/1/533861/100/0/threaded

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141031-0_Scalix_Web_Access_XXE_v10.txt

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for CVE-2014-9360

nvd1 prion1 cvelist1 openvas1