CyberSec.Space Logo
Back to CVE Browser

CVE-2014-2052

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0030%
EPSS Percentile38.78th
PublishedFeb 11, 2020
Last ModifiedMar 31, 2025

Vulnerability Description

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

Affected Platforms (CPE)

πŸ“¦
Owncloud

Owncloud

< 5.0.15
πŸ“¦
Owncloud

Owncloud Server

>= 6.0.0 and < 6.0.2

References & Advisories

πŸ”— http://owncloud.org/about/security/advisories/oC-SA-2014-006/
πŸ”— https://owncloud.org/security/advisories/xxe-multiple-third-party-components/
πŸ”— https://www.securityfocus.com/bid/66222
πŸ”— http://owncloud.org/about/security/advisories/oC-SA-2014-006/
πŸ”— https://owncloud.org/security/advisories/xxe-multiple-third-party-components/
πŸ”— https://www.securityfocus.com/bid/66222

Related Vulnerabilities

CVE-2015-471610.0

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on...

CVE-2019-253379.8

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulatin...

CVE-2021-359469.8

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and the...

CVE-2014-20489.8

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID imp...