5

CVE-2014-6114

EPSS 0.86%
Published 11.12.2014 11:59:10
Last modified 12.04.2025 10:46:40
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Operational Decision Manager Version8.0

Ibm ≫ Operational Decision Manager Version8.5

Ibm ≫ Operational Decision Manager Version8.6

Ibm ≫ Websphere Ilog Jrules Version7.1

Ibm ≫ Websphere Operational Decision Management Version7.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.86%	0.73

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www-01.ibm.com/support/docview.wss?uid=swg21691815

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/96211

https://nvd.nist.gov/vuln/detail/CVE-2014-6114

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-6114

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-6114

EUVD