CVE-2014-4669: Infoleak
First published: Sat Jun 28 2014(Updated: )
HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP Enterprise Maps | =1.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-4669?
CVE-2014-4669 is considered to have a medium severity due to its potential for unauthorized file access.
How do I fix CVE-2014-4669?
To mitigate CVE-2014-4669, users should upgrade to a secure version of HP Enterprise Maps that addresses the XML External Entity (XXE) vulnerability.
Who is impacted by CVE-2014-4669?
Remote authenticated users of HP Enterprise Maps 1.00 are impacted by CVE-2014-4669 as they can exploit the vulnerability to read arbitrary files.
What are XML External Entity (XXE) vulnerabilities?
XML External Entity (XXE) vulnerabilities can allow an attacker to interfere with the processing of XML data, leading to unauthorized data access or server-side request forgery.
Is CVE-2014-4669 an authenticated vulnerability?
Yes, CVE-2014-4669 is classified as an authenticated vulnerability, requiring an attacker to have valid user credentials to exploit it.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/hp
- canonical/hp enterprise maps
- version/hp enterprise maps/1.00