CVE-2014-6114

2014-12-1111:59:10

CWE-200

[email protected]

web.nvd.nist.gov

cve-2014-6114

ibm

websphere

ilog

jrules

decision manager

remote attackers

xml

entity declaration

xml external entity (xxe) issue

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

82.1%

JSON

The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

NVD

Node

ibmoperational_decision_managerMatch8.0

ibmoperational_decision_managerMatch8.5

ibmoperational_decision_managerMatch8.6

ibmwebsphere_ilog_jrulesMatch7.1

ibmwebsphere_operational_decision_managementMatch7.5

CPENameOperatorVersion
ibm:operational_decision_manageribm operational decision managereq8.0
ibm:operational_decision_manageribm operational decision managereq8.5
ibm:operational_decision_manageribm operational decision managereq8.6
ibm:websphere_ilog_jrulesibm websphere ilog jruleseq7.1
ibm:websphere_operational_decision_managementibm websphere operational decision managementeq7.5

CPE	Name	Operator	Version
ibm:operational_decision_manager	ibm operational decision manager	eq	8.0
ibm:operational_decision_manager	ibm operational decision manager	eq	8.5
ibm:operational_decision_manager	ibm operational decision manager	eq	8.6
ibm:websphere_ilog_jrules	ibm websphere ilog jrules	eq	7.1
ibm:websphere_operational_decision_management	ibm websphere operational decision management	eq	7.5