CVSS: 7.8EPSS: 52%CPEs: 3EXPL: 1CVE-2014-0644 – EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read
https://notcve.org/view.php?id=CVE-2014-0644
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file. EMC Cloud Tiering Appliance (CTA) 10 hasta SP1 permite a atacantes remotos leer archivos arbitrarios a través de una solicitud api/login que contiene una declaración de entidad externa XML en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE), tal y como fue demostrado por la lectura del archivo /etc/shadow. EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that allows an attacker to read arbitrary files from the file system with the permissions of the root user. • https://www.exploit-db.com/exploits/32623 http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html http://seclists.org/fulldisclosure/2014/Mar/426 https://gist.github.com/brandonprry/9895721 - • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2014-0645
https://notcve.org/view.php?id=CVE-2014-0645
EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack. EMC Cloud Tiering Appliance (CTA) 9.x hasta 10 SP1 y File Management Appliance (FMA) 7.x almacene hashes de contraseñas DES para las cuentas root, super, y de administración, lo que facilita a atacantes dependientes de contexto obtener información sensible a través de un ataque de fuerza bruta. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html http://seclists.org/fulldisclosure/2014/Mar/426 https://gist.github.com/brandonprry/9895721 • CWE-255: Credentials Management Errors •