CVE-2014-0644
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.7402 (74.0%)
Percentil: 98.8%
EPSS: 2026-05-06
Afecta
emc:cloud_tiering_appliance_softwareemc:cloud_tiering_applianceDescripción técnica
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
Publicada: 17/4/2014, 1:55:05
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html
- http://seclists.org/fulldisclosure/2014/Mar/426
- https://gist.github.com/brandonprry/9895721
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html
- http://seclists.org/fulldisclosure/2014/Mar/426
- https://gist.github.com/brandonprry/9895721