4

CVE-2014-4769

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Commerce Version6.0.0.0
IbmWebsphere Commerce Version6.0.0.1
IbmWebsphere Commerce Version6.0.0.2
IbmWebsphere Commerce Version6.0.0.3
IbmWebsphere Commerce Version6.0.0.4
IbmWebsphere Commerce Version6.0.0.5
IbmWebsphere Commerce Version6.0.0.6
IbmWebsphere Commerce Version6.0.0.7
IbmWebsphere Commerce Version6.0.0.8
IbmWebsphere Commerce Version6.0.0.9
IbmWebsphere Commerce Version6.0.0.10
IbmWebsphere Commerce Version6.0.0.11
IbmWebsphere Commerce Version7.0
IbmWebsphere Commerce Version7.0.0.1
IbmWebsphere Commerce Version7.0.0.2
IbmWebsphere Commerce Version7.0.0.3
IbmWebsphere Commerce Version7.0.0.4
IbmWebsphere Commerce Version7.0.0.5
IbmWebsphere Commerce Version7.0.0.6
IbmWebsphere Commerce Version7.0.0.7
IbmWebsphere Commerce Version7.0.0.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.476
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N