CVE-2014-0644

EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:emc:cloud_tiering_appliance_software:10.0:-:*:*:*:*:*:*
cpe:2.3:a:emc:cloud_tiering_appliance_software:10.0:sp1:*:*:*:*:*:*
cpe:2.3:h:emc:cloud_tiering_appliance:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-04-17 01:55

Updated : 2024-02-28 12:20


NVD link : CVE-2014-0644

Mitre link : CVE-2014-0644

CVE.ORG link : CVE-2014-0644


JSON object : View

Products Affected

emc

  • cloud_tiering_appliance
  • cloud_tiering_appliance_software
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor