This Security Bulletin addresses the security vulnerability CVE-2014-6114 in IBM Operational Decision Manager.
This issue is related to the usage of the Hosted Transparent Decision Service in Rule Execution Server.
DESCRIPTION:
IBM WebSphere Operational Decision Management could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. An attacker could declare an entity referencing the content of a local file to obtain sensitive information.
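The entity declaration described above can be looked for in request bodies captured in front of the decision service. The following is an added example, not IBM code and not part of the original bulletin; the function names and both sample requests are constructed for illustration, and it assumes the XML bodies are already available (for instance from a reverse-proxy capture). It reads only the document prolog and never resolves an entity.

```python
import xml.parsers.expat


class _PrologDone(Exception):
    """Raised at the root element: a DTD can only appear before it."""


def find_entity_declarations(body: bytes) -> list:
    """Return (kind, name, system_id) findings for one XML request body."""
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # External entities carry a system identifier and no literal value.
        kind = "external-entity" if system_id is not None else "internal-entity"
        findings.append((kind, name, system_id))

    def on_root(name, attrs):
        raise _PrologDone  # stop before content, so no entity is expanded

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(body, True)
    except _PrologDone:
        pass
    except xml.parsers.expat.ExpatError as exc:
        findings.append(("malformed", str(exc), None))
    return findings


def flag_requests(bodies) -> list:
    """Indexes of bodies that declare an external entity."""
    return [i for i, b in enumerate(bodies)
            if any(f[0] == "external-entity" for f in find_entity_declarations(b))]


# Constructed sample requests (element names and path are placeholders).
CLEAN = b'<?xml version="1.0"?><request><age>42</age></request>'
SUSPECT = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE request [<!ENTITY ext SYSTEM "file:///placeholder/path">]>'
           b'<request><age>&ext;</age></request>')

if __name__ == "__main__":
    for idx in flag_requests([CLEAN, SUSPECT]):
        print("request", idx, find_entity_declarations([CLEAN, SUSPECT][idx]))
```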
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/96211> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Download available from Fix Central
Version | Fix name | Fix Id
---|---|---
V7.1 | Mod pack 1 Fix pack 5 interim fix 43 | 7.1.1.5-WS-ODM_DS-IF043
v7.5 | Fix pack 3 Interim Fix 41 | 7.5.0.3-WS-ODM_DS-IF041
v8.0 | Mod pack 1 Fix pack 2 interim fix 34 | 8.0.1.2-WS-ODM_DS-IF034
v8.5 | Mod pack 1 Fix pack 1 Interim Fix 43 | 8.5.1.1-WS-ODM_DS-IF043
v8.6 | interim fix 8 | 8.6.0.0-WS-ODM_DSR-IF008
None known. Apply fixes.