Lucene search
IbmCVE-2015-0133HistoryMar 13, 2015 - 1:59 a.m.
CVE-2015-0133
2015-03-1301:59:25
ibm
web.nvd.nist.gov
21
ibm
websphere commerce
7.0
feature pack
xml external entity
xxe
cve-2015-0133
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.9
Confidence
Low
EPSS
0.003
Percentile
69.1%
IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Affected configurations
Node
ibmwebsphere_commerceMatch7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_commerce | 7.0 | cpe:2.3:a:ibm:websphere_commerce:7.0:*:*:*:*:*:*:* |
Related
prion
prion
Xxe
2015-03-13 01:59:00
nvd
nvd
CVE-2015-0133
2015-03-13 01:59:25
cvelist
cvelist
CVE-2015-0133
2015-03-13 01:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.9
Confidence
Low
EPSS
0.003
Percentile
69.1%
Related for CVE-2015-0133