Vulnerability Details : CVE-2014-8474
CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerability category: XML external entity (XXE) injectionDenial of service
Products affected by CVE-2014-8474
- cpe:2.3:a:ca:cloud_service_management:*:spring:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8474
0.75%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8474
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2014-8474
-
http://www.securityfocus.com/bid/70926
CA Cloud Service Management CVE-2014-8474 XML External Entity Injection Vulnerability
-
http://www.securitytracker.com/id/1031214
CA Cloud Service Management Bugs Let Remote Users Access Data, Deny Service, and Conduct Cross-Site Request Forgery Attacks - SecurityTracker
-
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx
CA20141103-01: Security Notice for CA Cloud Service Management - CA TechnologiesPatch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/98537
Vulnerability Report
Jump to