XML External Entity Vulnerability in IBM Business Process Manager and WebSphere Lombardi
CVE-2014-3087

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 17 August 2014

Summary

An XML External Entity (XXE) vulnerability has been identified in IBM Business Process Manager and WebSphere Lombardi that allows remote authenticated users to read arbitrary files. The issue arises from improper handling of XML input, which can lead to sensitive data exposure through specially crafted entity references. Organizations using affected versions should remediate promptly to mitigate potential exploits that may compromise system integrity.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
