Lucene search

[email protected]CVE-2015-0133

HistoryMar 13, 2015 - 1:59 a.m.

CVE-2015-0133

2015-03-1301:59:25

[email protected]

web.nvd.nist.gov

ibm

websphere commerce

7.0

feature pack

xml external entity

xxe

cve-2015-0133

nvd

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.0%

JSON

IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

NVD

Node

ibmwebsphere_commerceMatch7.0

CPENameOperatorVersion
ibm:websphere_commerceibm websphere commerceeq7.0

CPE	Name	Operator	Version
ibm:websphere_commerce	ibm websphere commerce	eq	7.0

References

www-01.ibm.com/support/docview.wss?uid=swg1JR52499

www-01.ibm.com/support/docview.wss?uid=swg21696242

www.securitytracker.com/id/1031881

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.0%

JSON

Related for CVE-2015-0133

cvelist1 nvd1 prion1