Unrated severityNVD Advisory· Published Aug 26, 2014· Updated May 6, 2026

CVE-2014-5035

Description

The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.

Affected products

Opendaylight/Opendaylight
cpe:2.3:a:opendaylight:opendaylight:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/127843/Opendaylight-1.0-Local-File-Inclusion-Remote-File-Inclusion.htmlnvd
seclists.org/fulldisclosure/2014/Aug/34nvd
www.securityfocus.com/archive/1/533114/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/95254nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000