CVE-2014-8474

Published: Nov 4, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected (1)

Products: Ca: Cloud Service Management

1 product

Cloud Service Management

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ca Cloud Service Management	Up to 2014

References (8)

http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/70926

Source: cve@mitre.org

http://www.securitytracker.com/id/1031214

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/98537

Source: cve@mitre.org

http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/70926

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1031214

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/98537

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.