CVE-2014-2054
Last modified
CVE-2014-2054 is a vulnerability of currently unknown severity. PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.. EPSS estimates a 1.54% chance of exploitation in the next 30 days.
Description
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Owncloud | Owncloud Server | 6.0.0 | — |
| Owncloud | Owncloud Server | 6.0.1 | — |
| Phpexcel Project | Phpexcel | <= 1.7.9 | — |
| Owncloud | Owncloud Server | <= 5.0.14 | A |
| Owncloud | Owncloud Server | 5.0.0 | — |
| Owncloud | Owncloud Server | 5.0.1 | — |
| Owncloud | Owncloud Server | 5.0.2 | — |
| Owncloud | Owncloud Server | 5.0.3 | — |
| Owncloud | Owncloud Server | 5.0.4 | — |
| Owncloud | Owncloud Server | 5.0.5 | — |
| Owncloud | Owncloud Server | 5.0.6 | — |
| Owncloud | Owncloud Server | 5.0.7 | — |
| Owncloud | Owncloud Server | 5.0.8 | — |
| Owncloud | Owncloud Server | 5.0.9 | — |
| Owncloud | Owncloud Server | 5.0.10 | — |
| Owncloud | Owncloud Server | 5.0.11 | — |
| Owncloud | Owncloud Server | 5.0.12 | — |
| Owncloud | Owncloud Server | 5.0.13 | — |
| Owncloud | Owncloud Server | 5.0.14 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-2054?
How severe is CVE-2014-2054?
How do I fix CVE-2014-2054?
Are you affected by CVE-2014-2054?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST