Lucene search

PRIOn knowledge basePRION:CVE-2014-8474

HistoryNov 04, 2014 - 8:55 p.m.

Xxe

2014-11-0420:55:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.6%

JSON

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CPENameOperatorVersion
cloud_service_managementle2014

CPE	Name	Operator	Version
	cloud_service_management	le	2014

References

www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx

www.securityfocus.com/bid/70926

www.securitytracker.com/id/1031214

exchange.xforce.ibmcloud.com/vulnerabilities/98537

7.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.6%

JSON

Related for PRION:CVE-2014-8474