CVE-2014-8474 | Vulnerability Database | Aqua Security

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected Software

Name	Vendor	Start Version	End Version
Cloud_service_management	Ca	*	2014 (including)

References

http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx
http://www.securityfocus.com/bid/70926
http://www.securitytracker.com/id/1031214
https://exchange.xforce.ibmcloud.com/vulnerabilities/98537
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx
http://www.securityfocus.com/bid/70926
http://www.securitytracker.com/id/1031214
https://exchange.xforce.ibmcloud.com/vulnerabilities/98537

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-8474
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html