CVE-2014-6170

CWE-200Information Exposure3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.2%
top 53.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Integration BUSIBM Websphere Message Broker
Timeline
PublishedFeb 2
Latest updateMay 17

Description

The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by triggering a SOAP fault.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDibm/websphere_message_broker14 versions+13
NVDibm/integration_bus4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-h9rm-9wgh-xhff: The HTTPInput node in IBM WebSphere Message Broker 72022-05-17
CVEList
CVE-2014-6170: The HTTPInput node in IBM WebSphere Message Broker 72015-02-02
CVE-2014-6170 (MEDIUM CVSS 5) | The HTTPInput node in IBM WebSphere | cvebase.io