Remote File Read Vulnerability in ownCloud Server Utilizing Zend Framework
CVE-2014-2052

9.8CRITICAL

Key Information:

Vendor

Owncloud

Status
Owncloud
Vendor
CVE Published:
11 February 2020

What is CVE-2014-2052?

The Zend Framework used in ownCloud Server versions prior to 5.0.15 and 6.0.2 is susceptible to XML External Entity (XXE) attacks. This vulnerability can allow remote attackers to read sensitive files on the server, potentially leading to unauthorized information disclosure. Additionally, it may enable attackers to initiate denial of service conditions. This highlights the critical need for timely updates and monitoring of security advisories from the vendor.

References

http://owncloud.org/about/security/advisories/oC-SA-2014-...
x_refsource_MISC
https://owncloud.org/security/advisories/xxe-multiple-thi...
x_refsource_CONFIRM
https://www.securityfocus.com/bid/66222
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.