Vulnerability Details : CVE-2014-6302
The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2014-6302
- cpe:2.3:a:pnmsoft:sequence_kinetics:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-6302
- EPSS score: 0.30% (probability of exploitation activity in the next 30 days)
- Percentile: ~65% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-6302
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
References for CVE-2014-6302
- http://twitter.com/d_gianni/statuses/562628862648270849/photo/1
  GianniD on Twitter: "http://t.co/LZyqwNImlC"
- http://licensing.pnmsoft.com/documents/Security%20Bulletins/Security%20Bulletin%202014-1.htm
  Security Bulletin 2014-1 (Vendor Advisory)