{"api_version":"1","generated_at":"2026-04-23T05:14:04+00:00","cve":"CVE-2014-8162","urls":{"html":"https://cve.report/CVE-2014-8162","api":"https://cve.report/api/cve/CVE-2014-8162.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-8162","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-8162"},"summary":{"title":"CVE-2014-8162","description":"XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2015-05-14 14:59:00","updated_at":"2023-02-13 00:44:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1187339","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1187339","refsource":"MISC","tags":[],"title":"1187339 – (CVE-2014-8162) CVE-2014-8162 Satellite5: RPC API XML External Entities file disclosure","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0957.html","name":"RHSA-2015:0957","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html","name":"SUSE-SU-2015:0928","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE-SU-2015:0928-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2014-8162","name":"https://access.redhat.com/security/cve/CVE-2014-8162","refsource":"MISC","tags":[],"title":"CVE-2014-8162 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2015:0957","name":"https://access.redhat.com/errata/RHSA-2015:0957","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/74595","name":"74595","refsource":"BID","tags":[],"title":"Red Hat Satellite and Spacewalk XML External Entity Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-8162","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8162","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"8162","vulnerable":"1","versionEndIncluding":"5.7","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"network_satellite","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8162","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"suse","cpe5":"manager","cpe6":"1.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8162","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"suse","cpe5":"manager","cpe6":"1.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2014-8162","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html","refsource":"MISC","name":"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0957.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2015-0957.html"},{"url":"http://www.securityfocus.com/bid/74595","refsource":"MISC","name":"http://www.securityfocus.com/bid/74595"}]}},"nvd":{"publishedDate":"2015-05-14 14:59:00","lastModifiedDate":"2023-02-13 00:44:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:network_satellite:*:*:*:*:*:*:*:*","versionEndIncluding":"5.7","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:suse:manager:1.7:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"8162","Ordinal":"75184","Title":"CVE-2014-8162","CVE":"CVE-2014-8162","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"8162","Ordinal":"1","NoteData":"XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"8162","Ordinal":"2","NoteData":"2015-05-14","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"8162","Ordinal":"3","NoteData":"2016-11-25","Type":"Other","Title":"Modified"}]}}}