CVE-2014-8474

CA Cloud Service Management < 2014 - Denial of Service

Title source: rule

Description

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References (4)

[Patch, Vendor Advisory] http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/70926

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/98537

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1031214

Scores

EPSS 0.0083

EPSS Percentile 74.3%

Classification

Status draft

Affected Products (1)

ca/cloud_service_management < 2014

Timeline

Published Nov 04, 2014

Tracked Since Feb 18, 2026