CVE-2014-4374

EUVD-2014-4301
NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
applemac_os_x
𝑥
≤ 10.9.4
appleiphone_os
𝑥
≤ 7.1.2
appleiphone_os
7.0
appleiphone_os
7.0.1
appleiphone_os
7.0.2
appleiphone_os
7.0.3
appleiphone_os
7.0.4
appleiphone_os
7.0.5
appleiphone_os
7.0.6
appleiphone_os
7.1
appleiphone_os
7.1.1
𝑥
= Vulnerable software versions
References
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
http://support.apple.com/kb/HT6441
http://support.apple.com/kb/HT6443
http://www.securityfocus.com/bid/69882
http://www.securityfocus.com/bid/69905
http://www.securitytracker.com/id/1030866
https://exchange.xforce.ibmcloud.com/vulnerabilities/96077
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
http://support.apple.com/kb/HT6441
http://support.apple.com/kb/HT6443
http://www.securityfocus.com/bid/69882
http://www.securityfocus.com/bid/69905
http://www.securitytracker.com/id/1030866
https://exchange.xforce.ibmcloud.com/vulnerabilities/96077