Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-6302

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-6302
Last Modified 19 Feb 2015 01:53:16
Published 19 Feb 2015 06:59:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-6302

Summary

The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Systems

Application

  • Pnmsoft Sequence Kinetics 7.5


References

MISC - http://twitter.com/d_gianni/statuses/562628862648270849/photo/1

CONFIRM - http://licensing.pnmsoft.com/documents/Security%20Bulletins/Security%20Bulletin%202014-1.htm


Last Updated: 27 May 2016 11:07:52