CVE-2014-4669 Information

Description

HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation related to an XML External Entity (XXE) issue.

Reference

http://packetstormsecurity.com/files/127239/HP-Enterprise-Maps-1.00-Authenticated-XXE-Injection.html http://seclists.org/fulldisclosure/2014/Jun/127 http://www.securityfocus.com/bid/68200