XML External Entity Vulnerability in IBM Tivoli Endpoint Manager
CVE-2014-3066

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Endpoint Manager
Vendor: CVE Published:; 2 July 2014

Summary

IBM Tivoli Endpoint Manager versions prior to 9.1.1088.0 are susceptible to an XML External Entity (XXE) vulnerability that permits remote attackers to read sensitive files on the server. This flaw occurs when XML data incorporates an external entity declaration leading to unauthorized file access, posing serious risks to data security and potentially exposing confidential information.

References

http://secunia.com/advisories/58672

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/58906

third-party-advisoryx_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21673967

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 2, 2014
Vulnerability Reserved
Apr 29, 2014