CVE-2014-4669

{"id": "CVE-2014-4669", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-06-28T15:55:08.490", "references": [{"url": "http://packetstormsecurity.com/files/127239/HP-Enterprise-Maps-1.00-Authenticated-XXE-Injection.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2014/Jun/127", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/68200", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue."}, {"lang": "es", "value": "HP Enterprise Maps 1.00 permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de un documento WSDL que contiene una declaraci\u00f3n de entidad externa XML en conjunto con una referencia de entidad dentro de una operaci\u00f3n GetQuote, relacionado con un problema de entidad externa XML (XXE)."}], "lastModified": "2015-12-18T19:05:25.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:enterprise_maps:1.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC94DBEF-8D4B-4C1C-AA95-93DC6DDF2BD0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}