PT-2014-6051 · Hewlett Packard · Hp Enterprise Maps

Published

2014-06-28

Updated

2015-12-18

CVE-2014-4669

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions HP Enterprise Maps version 1.00

Description The issue allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue.

Recommendations For HP Enterprise Maps version 1.00, consider disabling the GetQuote operation until a patch is available to prevent exploitation of the XML External Entity issue. Restrict access to sensitive files and directories to minimize the risk of unauthorized access.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2014-4669

Affected Products

Hp Enterprise Maps

PT-2014-6051 · Hewlett Packard · Hp Enterprise Maps

CVE-2014-4669

Weakness Enumeration

Related Identifiers

Affected Products

References · 4