XML External Entity Vulnerability in IBM WebSphere Products
CVE-2014-6114

Currently unrated

Key Information:

Vendor: IBM
Status: Operational Decision Manager; Websphere Ilog Jrules; Websphere Operational Decision Management
Vendor: CVE Published:; 11 December 2014

Summary

The Hosted Transparent Decision Service in IBM WebSphere products is susceptible to an XML External Entity (XXE) vulnerability, enabling remote attackers to exploit the application's handling of XML inputs. This flaw allows unauthorized access to sensitive files on the server by leveraging XML external entity declarations. Attackers can manipulate XML data to read arbitrary files, posing a significant threat to data integrity and confidentiality within the affected products.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/96211

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21691815

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Sep 2, 2014