Remote Information Disclosure in IBM WebSphere Message Broker and Integration Bus
CVE-2014-6170

Currently unrated

Key Information:

Vendor: IBM
Status: Integration Bus
Vendor: CVE Published:; 2 February 2015

Summary

A vulnerability in IBM WebSphere Message Broker and IBM Integration Bus allows remote attackers to exploit the HTTPInput node. By triggering a SOAP fault, attackers can potentially gain access to sensitive information that should be protected, leading to unauthorized disclosure and possible exploitation of the affected systems. Users of these versions are urged to assess their environment and apply necessary mitigations.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/98309

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IT01929

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21690725

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 2, 2015
Vulnerability Reserved
Sep 2, 2014