CVE-2014-2052 — XML External Entity (XXE) Injection in Owncloud

CWE-611 — XML External Entity (XXE) Injection4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

1.0%

top 23.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Owncloud Server

Timeline

PublishedFeb 11

Latest updateMay 17

Description

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDowncloud/owncloud_server6.0.0 — 6.0.2

▶NVDowncloud/owncloud< 5.0.15

🔴Vulnerability Details

GHSA

GHSA-hqv6-vrp9-42x2: Zend Framework, as used in ownCloud Server before 5↗2022-05-17

▶

CVEList

CVE-2014-2052: Zend Framework, as used in ownCloud Server before 5↗2020-02-11

▶

💬Community

Bugzilla

CVE-2014-2052 owncloud: remote attackers can read arbitrary files causing denial of service↗2020-02-14

▶