CVE-2014-3087

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Application Server; Business Process Manager
Vendor: CVE Published:; 17 August 2014

Summary

callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

http://www.securityfocus.com/bid/69264

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/94112

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1JR50616

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Aug 17, 2014
Vulnerability Reserved
Apr 29, 2014