4.3

CVE-2014-4834

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Commerce Version6.0.0.0
IbmWebsphere Commerce Version6.0.0.1
IbmWebsphere Commerce Version6.0.0.2
IbmWebsphere Commerce Version6.0.0.3
IbmWebsphere Commerce Version6.0.0.4
IbmWebsphere Commerce Version6.0.0.5
IbmWebsphere Commerce Version6.0.0.6
IbmWebsphere Commerce Version6.0.0.7
IbmWebsphere Commerce Version6.0.0.8
IbmWebsphere Commerce Version6.0.0.9
IbmWebsphere Commerce Version6.0.0.10
IbmWebsphere Commerce Version6.0.0.11
IbmWebsphere Commerce Version7.0
IbmWebsphere Commerce Version7.0.0.1
IbmWebsphere Commerce Version7.0.0.2
IbmWebsphere Commerce Version7.0.0.3
IbmWebsphere Commerce Version7.0.0.4
IbmWebsphere Commerce Version7.0.0.5
IbmWebsphere Commerce Version7.0.0.6
IbmWebsphere Commerce Version7.0.0.7
IbmWebsphere Commerce Version7.0.0.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.34% 0.675
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www-01.ibm.com/support/docview.wss?uid=swg1JR49897
http://www-01.ibm.com/support/docview.wss?uid=swg1JR50553
http://www-01.ibm.com/support/docview.wss?uid=swg21685464
Vendor Advisory
http://www.securityfocus.com/bid/70870
https://exchange.xforce.ibmcloud.com/vulnerabilities/95628