CVE-2014-4769: XML External Entity (XXE) Injection in IBM WebSphere Commerce

3 documents, 3 sources
Severity
4.0 MEDIUM (NVD)
EPSS
0.3% (top 49.36%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 5
Latest update: May 13

Description

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N

Exploitability: 8.0 | Impact: 2.9

Affected Packages (1 package)

NVD: ibm/websphere_commerce (21 versions)

🔴 Vulnerability Details

2
GHSA
GHSA-8hw7-7h75-8xrp: IBM WebSphere Commerce 6 (2022-05-13)
CVEList
CVE-2014-4769: IBM WebSphere Commerce 6 (2014-11-05)