What is CVE-2014-0644?

CVE-2014-0644 is a vulnerability in Emc Cloud_tiering_appliance, classified under Information Disclosure. Published 2014-04-17.

Is CVE-2014-0644 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Emc Cloud_tiering_appliance

CVE-2014-0644

EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Ent…

Vulnerability class: Information Disclosure

EPSS: 0.740 (98.9th percentile) — read the EPSS interpretation.

Affected products

Emc Cloud_tiering_appliance
Emc Cloud_tiering_appliance_software — versions 10.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20140416 ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
security_alert@emc.com (x_refsource_MISC)
20140331 EMC CTA v10.0 unauthenticated XXE with root perms (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2014-0644?: CVE-2014-0644 is a vulnerability in Emc Cloud_tiering_appliance, classified under Information Disclosure. Published 2014-04-17.
Is CVE-2014-0644 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.