XML External Entity Vulnerability in IBM WebSphere Commerce
CVE-2014-4769

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Commerce
Vendor: CVE Published:; 5 November 2014

What is CVE-2014-4769?

IBM WebSphere Commerce, versions 6.x up to 6.0.0.11 and 7.x up to 7.0.0.8, is susceptible to an XML External Entity (XXE) vulnerability. This issue allows remote authenticated users to exploit XML data by embedding an external entity declaration, which can lead to unauthorized access to sensitive files or the ability to send TCP requests to internal servers. Proper validation of XML input is crucial to mitigate these risks.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1JR50553

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg1JR49897

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/94836

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2014
Vulnerability Reserved
Jul 9, 2014