CVE-2015-0133

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Commerce
Vendor: CVE Published:; 13 March 2015

Summary

IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

http://www.securitytracker.com/id/1031881

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg1JR52499

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21696242

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 13, 2015
Vulnerability Reserved
Nov 18, 2014