Lucene search

[email protected]NVD:CVE-2014-9360

HistoryDec 10, 2014 - 3:59 p.m.

CVE-2014-9360

2014-12-1015:59:23

[email protected]

web.nvd.nist.gov

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.3%

JSON

XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted request.

Affected configurations

NVD

Node

scalixweb_accessMatch11.4.6.12377

scalixweb_accessMatch12.2.0.14697

References

seclists.org/fulldisclosure/2014/Oct/133

www.securityfocus.com/archive/1/533861/100/0/threaded

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141031-0_Scalix_Web_Access_XXE_v10.txt

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for NVD:CVE-2014-9360

prion1 cve1 cvelist1 openvas1