XML External Entity Vulnerability in HP Enterprise Maps 1.00
CVE-2014-4669

Currently unrated

Key Information:

Vendor: HP
Status: Enterprise Maps
Vendor: CVE Published:; 28 June 2014

Summary

HP Enterprise Maps version 1.00 is vulnerable to an XML External Entity (XXE) issue that allows remote authenticated users to access arbitrary files. This vulnerability arises during the GetQuote operation where a WSDL document can include an XML external entity declaration. Exploitation of this flaw could lead to the exposure of sensitive information stored on the server, making it crucial for affected users to take immediate action to mitigate potential risks.

References

http://www.securityfocus.com/bid/68200

vdb-entryx_refsource_BID

http://seclists.org/fulldisclosure/2014/Jun/127

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/127239/HP-Enterprise...

x_refsource_MISC

Timeline

Vulnerability published
Jun 28, 2014
Vulnerability Reserved
Jun 26, 2014