CVE-2014-8474

2014-11-0420:55:04

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

High

EPSS

0.008

Percentile

81.1%

JSON

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

Nvd

Node

cacloud_service_managementRange≤2014spring

VendorProductVersionCPE
cacloud_service_management*cpe:2.3:a:ca:cloud_service_management:*:spring:*:*:*:*:*:*

Vendor	Product	Version	CPE
ca	cloud_service_management	*	cpe:2.3:a:ca:cloud_service_management::spring::::::*

References

www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx

www.securityfocus.com/bid/70926

www.securitytracker.com/id/1031214

exchange.xforce.ibmcloud.com/vulnerabilities/98537