Lucene search

K
nvd[email protected]NVD:CVE-2014-6114
HistoryDec 11, 2014 - 11:59 a.m.

CVE-2014-6114

2014-12-1111:59:10
CWE-200
web.nvd.nist.gov
6

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.008

Percentile

82.1%

The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

Nvd
Node
ibmoperational_decision_managerMatch8.0
OR
ibmoperational_decision_managerMatch8.5
OR
ibmoperational_decision_managerMatch8.6
OR
ibmwebsphere_ilog_jrulesMatch7.1
OR
ibmwebsphere_operational_decision_managementMatch7.5
VendorProductVersionCPE
ibmoperational_decision_manager8.0cpe:2.3:a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*
ibmoperational_decision_manager8.5cpe:2.3:a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*
ibmoperational_decision_manager8.6cpe:2.3:a:ibm:operational_decision_manager:8.6:*:*:*:*:*:*:*
ibmwebsphere_ilog_jrules7.1cpe:2.3:a:ibm:websphere_ilog_jrules:7.1:*:*:*:*:*:*:*
ibmwebsphere_operational_decision_management7.5cpe:2.3:a:ibm:websphere_operational_decision_management:7.5:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.008

Percentile

82.1%

Related for NVD:CVE-2014-6114