// For flags

CVE-2014-5035

Opendaylight 1.0 Local File Inclusion / Remote File Inclusion

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.

El servicio Netconf (TCP) en OpenDaylight 1.0 permite a atacantes remotos leer ficheros arbitrarios a través de una declaración de entidad externa XML en conjunto con una referencia de entidad en un mensaje XML-RPC, relacionado con un problema de entidad externa XML (XXE).

Opendaylight version 1.0 suffers from local file inclusion and remote file inclusion vulnerabilities in the Netconf (TCP) service.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-07-22 CVE Reserved
  • 2014-08-12 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Opendaylight
Search vendor "Opendaylight"
 Opendaylight
Search vendor "Opendaylight" for product "Opendaylight"
 1.0
Search vendor "Opendaylight" for product "Opendaylight" and version "1.0"
-
Affected