CVE-2014-8474
CA Cloud Service Management Replay / XXE / Token Verification
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CA Cloud Service Management (CSM) anterior a Summer 2014 permite a atacantes remotos leer ficheros arbitrarios, enviar solicitudes HTTP a servidores de intranet o causar una denegación de servicio (consumo de CPU y memoria) a través de un documento XML que contiene una declaración de entidad externa en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE).
CA Technologies Support is alerting customers to four resolved vulnerabilities with CA Cloud Service Management. Four vulnerabilities existed that could potentially allow a remote attacker to access user sessions, gain sensitive information, or cause a denial of service condition. CA Technologies fixed these vulnerabilities in all production environments as part of the Cloud Service Management Summer 2014 Upgrade.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-10-24 CVE Reserved
- 2014-11-04 CVE Published
- 2024-08-06 CVE Updated
- 2025-04-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/70926 | Vdb Entry | |
| http://www.securitytracker.com/id/1031214 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98537 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx | 2017-09-08 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ca Search vendor "Ca" | Cloud Service Management Search vendor "Ca" for product "Cloud Service Management" | <= 2014 Search vendor "Ca" for product "Cloud Service Management" and version " <= 2014" | spring |
Affected
| ||||||