Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-8474

EPSS 0.83% · P75
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-8474

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
CA Cloud Service Management 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CA Cloud Service Management(CSM)是美国CA公司的一套软件即服务(SaaS)解决方案。该方案可简化IT服务管理流程、工作流以及重复性任务。 CA CSM Summer 2014之前版本中存在安全漏洞。远程攻击者可借助带有实体声明和实体引用的XML文档利用该漏洞读取任意文件,向内网服务器发送HTTP请求,或造成拒绝服务(CPU和内存消耗)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2014-8474

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2014-8474

登录查看更多情报信息。

Same Patch Batch · n/a · 2014-11-04 · 46 CVEs total

CVE-2014-5387EllisLab ExpressionEngine SQL注入漏洞
CVE-2014-8584WordPress Web Dorado Spider Video Player插件跨站脚本漏洞
CVE-2014-8586WordPress CP Multi View Event Calendar插件‘calid’参数SQL注入漏洞
CVE-2014-8589SAP Network Interface Router 整数溢出漏洞
CVE-2014-8590SAP NetWeaver Application Server Java XML外部实体漏洞
CVE-2014-8591SAP Internet Communication Manager 拒绝服务漏洞
CVE-2014-8592SAP Host Agent 拒绝服务漏洞
CVE-2014-4311Epicor Enterprise 信息泄露漏洞
CVE-2014-8588SAP HANA SQL注入漏洞
CVE-2014-7176Enalean Tuleap SQL注入漏洞
CVE-2014-8339Nuevolab Nuevoplayer for ClipShare SQL注入漏洞
CVE-2013-7057Axway SecureTransport 跨站请求伪造漏洞
CVE-2014-8593Allomani Weblinks 跨站脚本漏洞
CVE-2014-4974ESET Personal Firewall NDIS filter内核模式驱动程序信息泄露漏洞
CVE-2014-3660Libxml2 拒绝服务漏洞
CVE-2014-7875HP LaserJet CM3530 Multifunction Printer CC519A和CC520A 远程拒绝服务漏洞
CVE-2014-6130IBM Notes Traveler For Android 信息泄露漏洞
CVE-2014-8473CA Cloud Service Management 跨站请求伪造漏洞
CVE-2014-8472CA Cloud Service Management 安全漏洞
CVE-2014-8471CA Cloud Service Management 安全漏洞

Showing top 20 of 46 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2014-8474

No comments yet

Leave a comment