Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.8
CVE Id: CVE-2014-0644
Last Modified: 17 Apr 2014 11:06:50
Published: 16 Apr 2014 09:55:05
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-0644

Summary

EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.

Vulnerable Systems

Application

  • EMC Cloud Tiering Appliance Software 10.0


References

MISC - https://gist.github.com/brandonprry/9895721

FULLDISC - 20140331 EMC CTA v10.0 unauthenticated XXE with root perms

BUGTRAQ - 20140416 ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities


Last Updated: 27 May 2016 11:04:57