Back to search
CVE-2014-3087
Published: Aug 17, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
69264
vdb-entry
x_refsource_BID
ibm-websphere-cve20143087-info-disc(94112)
vdb-entry
x_refsource_XF
JR50616
vendor-advisory
x_refsource_AIXAPAR
60757
third-party-advisory
x_refsource_SECUNIA
60755
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21679726
x_refsource_CONFIRM
60752
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now