4

CVE-2014-6212

EPSS 0.21%
Published 10.01.2015 02:59:28
Last modified 12.04.2025 10:46:40
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected products Warnungen 0 Metrics 2 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Emptoris Sourcing Portfolio Version9.5.0.0

Ibm ≫ Emptoris Sourcing Portfolio Version9.5.0.1

Ibm ≫ Emptoris Sourcing Portfolio Version9.5.0.2

Ibm ≫ Emptoris Sourcing Portfolio Version9.5.1.0

Ibm ≫ Emptoris Sourcing Portfolio Version9.5.1.1

Ibm ≫ Emptoris Sourcing Portfolio Version9.5.1.2

Ibm ≫ Emptoris Sourcing Portfolio Version9.5.1.3

Ibm ≫ Emptoris Sourcing Portfolio Version10.0.0.0

Ibm ≫ Emptoris Sourcing Portfolio Version10.0.0.1

Ibm ≫ Emptoris Sourcing Portfolio Version10.0.1.0

Ibm ≫ Emptoris Sourcing Portfolio Version10.0.1.1

Ibm ≫ Emptoris Sourcing Portfolio Version10.0.1.2

Ibm ≫ Emptoris Sourcing Portfolio Version10.0.1.3

Ibm ≫ Emptoris Sourcing Portfolio Version10.0.2.0

Ibm ≫ Emptoris Sourcing Portfolio Version10.0.2.2

Ibm ≫ Emptoris Sourcing Portfolio Version10.0.2.3

Ibm ≫ Emptoris Sourcing Portfolio Version10.0.2.4

Ibm ≫ Emptoris Program Management Version10.0.0.0

Ibm ≫ Emptoris Program Management Version10.0.0.1

Ibm ≫ Emptoris Program Management Version10.0.0.2

Ibm ≫ Emptoris Program Management Version10.0.0.3

Ibm ≫ Emptoris Program Management Version10.0.1.0

Ibm ≫ Emptoris Program Management Version10.0.1.1

Ibm ≫ Emptoris Program Management Version10.0.1.2

Ibm ≫ Emptoris Program Management Version10.0.1.3

Ibm ≫ Emptoris Program Management Version10.0.1.4

Ibm ≫ Emptoris Program Management Version10.0.2.0

Ibm ≫ Emptoris Program Management Version10.0.2.1

Ibm ≫ Emptoris Program Management Version10.0.2.2

Ibm ≫ Emptoris Program Management Version10.0.2.3

Ibm ≫ Emptoris Program Management Version10.0.2.4

Ibm ≫ Emptoris Contract Management Version9.5.0.0

Ibm ≫ Emptoris Contract Management Version9.5.0.1

Ibm ≫ Emptoris Contract Management Version9.5.0.2

Ibm ≫ Emptoris Contract Management Version9.5.0.3

Ibm ≫ Emptoris Contract Management Version9.5.0.4

Ibm ≫ Emptoris Contract Management Version9.5.0.5

Ibm ≫ Emptoris Contract Management Version9.5.0.6

Ibm ≫ Emptoris Contract Management Version10.0.0.0

Ibm ≫ Emptoris Contract Management Version10.0.0.1

Ibm ≫ Emptoris Contract Management Version10.0.1.0

Ibm ≫ Emptoris Contract Management Version10.0.1.1

Ibm ≫ Emptoris Contract Management Version10.0.1.2

Ibm ≫ Emptoris Contract Management Version10.0.1.3

Ibm ≫ Emptoris Contract Management Version10.0.1.4

Ibm ≫ Emptoris Contract Management Version10.0.1.5

Ibm ≫ Emptoris Contract Management Version10.0.2.0

Ibm ≫ Emptoris Contract Management Version10.0.2.1

Ibm ≫ Emptoris Contract Management Version10.0.2.2

Ibm ≫ Emptoris Versionstrategic_supply_management Update10.0.0.0

Ibm ≫ Emptoris Versionstrategic_supply_management Update10.0.0.1

Ibm ≫ Emptoris Versionstrategic_supply_management Update10.0.0.2

Ibm ≫ Emptoris Versionstrategic_supply_management Update10.0.0.3

Ibm ≫ Emptoris Versionstrategic_supply_management Update10.0.1.0

Ibm ≫ Emptoris Versionstrategic_supply_management Update10.0.1.1

Ibm ≫ Emptoris Versionstrategic_supply_management Update10.0.1.2

Ibm ≫ Emptoris Versionstrategic_supply_management Update10.0.1.3

Ibm ≫ Emptoris Versionstrategic_supply_management Update10.0.1.4

Ibm ≫ Emptoris Versionstrategic_supply_management Update10.0.2.0

Ibm ≫ Emptoris Versionstrategic_supply_management Update10.0.2.1

Ibm ≫ Emptoris Versionstrategic_supply_management Update10.0.2.2

Ibm ≫ Emptoris Versionstrategic_supply_management Update10.0.2.3

Ibm ≫ Emptoris Versionstrategic_supply_management Update10.0.2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.402

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

http://www-01.ibm.com/support/docview.wss?uid=swg21693069

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/98689

https://nvd.nist.gov/vuln/detail/CVE-2014-6212

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-6212

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-6212

EUVD