4
CVE-2014-3087
- EPSS 0.29%
- Published 17.08.2014 23:55:06
- Last modified 12.04.2025 10:46:40
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ Business Process Manager Version7.5.0.0
Ibm ≫ Business Process Manager Version7.5.0.1
Ibm ≫ Business Process Manager Version7.5.1.0
Ibm ≫ Business Process Manager Version7.5.1.1
Ibm ≫ Business Process Manager Version7.5.1.2
Ibm ≫ Business Process Manager Version8.0.0.0
Ibm ≫ Business Process Manager Version8.0.1.0
Ibm ≫ Business Process Manager Version8.0.1.1
Ibm ≫ Business Process Manager Version8.0.1.2
Ibm ≫ Business Process Manager Version8.5.0.0
Ibm ≫ Business Process Manager Version8.5.0.1
Ibm ≫ Business Process Manager Version8.5.5.0
Ibm ≫ Websphere Application Server Version7.2 Editionlombardi
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.495 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.