CVE-2014-3087

Sažetak

callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Reference

http://secunia.com/advisories/60752
http://secunia.com/advisories/60755
http://secunia.com/advisories/60757
http://www.securityfocus.com/bid/69264
http://www-01.ibm.com/support/docview.wss?uid=swg1JR50616
http://www-01.ibm.com/support/docview.wss?uid=swg21679726
https://exchange.xforce.ibmcloud.com/vulnerabilities/94112

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:34

Objavljeno

17-08-2014 - 23:55