CVE-2014-3066

CWE-200Information Exposure3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.9%
top 24.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Endpoint Manager
Timeline
PublishedJul 2
Latest updateMay 17

Description

IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-gjp7-4gf3-7mvq: IBM Tivoli Endpoint Manager 92022-05-17
CVEList
CVE-2014-3066: IBM Tivoli Endpoint Manager 92014-07-02
CVE-2014-3066 (MEDIUM CVSS 5) | IBM Tivoli Endpoint Manager 9.1 bef | cvebase.io