CVE-2014-8474

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx	Patch Vendor Advisory
http://www.securityfocus.com/bid/70926
http://www.securitytracker.com/id/1031214
https://exchange.xforce.ibmcloud.com/vulnerabilities/98537

Configurations

Configuration 1 (hide)

cpe:2.3:a:ca:cloud_service_management:*:spring:*:*:*:*:*:*

Information

Published : 2014-11-04 12:55

Updated : 2017-09-07 18:29

NVD link : CVE-2014-8474

Mitre link : CVE-2014-8474

JSON object : View

CWE

NVD-CWE-Other

Products Affected

cloud_service_management

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx", "name": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/70926", "name": "70926", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id/1031214", "name": "1031214", "tags": [], "refsource": "SECTRACK"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98537", "name": "ca-cloud-cve20148474-info-disc(98537)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-8474", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-11-04T20:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ca:cloud_service_management:*:spring:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2014"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-09-08T01:29Z"}

7.5 /10