How severe is CVE-2017-14101?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2017-14101?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2017-14101 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable service allows for arbitrary file read access to the local file system as well as the transmittal of the application service's account hashed credentials to a remote attacker.

Related Vulnerabilities

CVE-2013-4334

CRITICAL

CVSS:9.8(Critical)

opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities

CWE-6112013

CVE-2014-0030

CRITICAL

CVSS:9.8(Critical)

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.

CWE-6112014

CVE-2014-125087

CRITICAL

CVSS:9.8(Critical)

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference....

CWE-6112014

CVE-2014-2052

CRITICAL

CVSS:9.8(Critical)

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML Ex...

CWE-6112014

CVE-2014-3005

CRITICAL

CVSS:9.8(Critical)

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or poten...

CWE-6112014

CVE-2014-3244

CRITICAL

CVSS:9.8(Critical)

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in a...

CWE-6112014