Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data.
CVEID:CVE-2014-3004
**DESCRIPTION:**Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/93519 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Control Center | 6.2.0.0 |
Product
|
VRMF
|
iFix
|
Remediation
β|β|β|β
IBM Control Center
|
6.2.0.0
|
iFix09
|
None