CVE-2014-0854XML External Entity (XXE) Injection in IBM Cognos Business Intelligence

CWE-2643 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 55.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cognos Business Intelligence
Timeline
PublishedFeb 22
Latest updateMay 17

Description

The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-84f5-pfh3-xh7j: The server in IBM Cognos Business Intelligence (BI) 82022-05-17
CVEList
CVE-2014-0854: The server in IBM Cognos Business Intelligence (BI) 82014-02-22
CVE-2014-0854 — XML External Entity (XXE) Injection | cvebase