XML External Entity Vulnerability in IBM WebSphere Commerce
CVE-2015-0133

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Commerce
Vendor: CVE Published:; 13 March 2015

Summary

An XML External Entity (XXE) vulnerability exists in IBM WebSphere Commerce versions from Feature Pack 4 through Feature Pack 8, allowing remote attackers to exploit XML external entity declarations. This exploitation can lead to unauthorized access to and reading of sensitive files on the server, and may result in the potential for gaining administrative privileges, thus compromising the security of the affected systems.

References

http://www.securitytracker.com/id/1031881

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg1JR52499

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21696242

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 13, 2015
Vulnerability Reserved
Nov 18, 2014