Skip to main content

Cloud Tiering Appliance Software

2 CVEs product

Monthly

CVE-2014-0645 MEDIUM This Month

EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for. Rated medium severity (CVSS 4.7). No vendor patch available.

Authentication Bypass Cloud Tiering Appliance Software Cloud Tiering Appliance File Management Appliance Software File Management Appliance
NVD GitHub VulDB
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-0644 HIGH POC THREAT Act Now

EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.0%.

XXE Information Disclosure Cloud Tiering Appliance Software Cloud Tiering Appliance
NVD GitHub Exploit-DB VulDB
CVSS 2.0
7.8
EPSS
74.0%
Threat
5.3
EPSS 0% CVSS 4.7
MEDIUM This Month

EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for. Rated medium severity (CVSS 4.7). No vendor patch available.

Authentication Bypass Cloud Tiering Appliance Software Cloud Tiering Appliance +2
NVD GitHub VulDB
EPSS 74% 5.3 CVSS 7.8
HIGH POC THREAT Act Now

EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.0%.

XXE Information Disclosure Cloud Tiering Appliance Software +1
NVD GitHub Exploit-DB VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy