CVE-2014-0644
Published: Apr 17, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
20140416 ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities
mailing-list
x_refsource_BUGTRAQ
https://gist.github.com/brandonprry/9895721
x_refsource_MISC
20140331 EMC CTA v10.0 unauthenticated XXE with root perms
mailing-list
x_refsource_FULLDISC