Vulnerability Details CVE-2014-0644
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.74
EPSS Ranking 98.8%
CVSS Severity
CVSS v2 Score 7.8
References
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html
- http://seclists.org/fulldisclosure/2014/Mar/426
- https://gist.github.com/brandonprry/9895721
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html
- http://seclists.org/fulldisclosure/2014/Mar/426
- https://gist.github.com/brandonprry/9895721
Products affected by CVE-2014-0644
-
cpe:2.3:a:emc:cloud_tiering_appliance_software:10.0
-
cpe:2.3:h:emc:cloud_tiering_appliance:-