Jun 15, 2018 - 7:02 a.m.

Security Bulletin: IBM Operational Decision Manager : CVE-2014-6114

www.ibm.com

EPSS: 0.008 (Percentile: 82.1%)

Summary

This Security Bulletin addresses the security vulnerability CVE-2014-6114 in IBM Operational Decision Manager.
This issue is related to the usage of the Hosted Transparent Decision Service in Rule Execution Server.

Vulnerability Details

CVE ID: CVE-2014-6114

DESCRIPTION:
IBM WebSphere Operational Decision Management could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. An attacker could declare an entity referencing the content of a local file to obtain sensitive information.

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/96211> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

  • WebSphere ILOG JRules 7.1
  • IBM WebSphere Operational Decision Management v7.5
  • IBM Operational Decision Manager v8.0
  • IBM Operational Decision Manager v8.5
  • IBM Operational Decision Manager v8.6

Remediation/Fixes

Download available from Fix Central

Version| Fix name| Fix Id
---|---|---
V7.1| Mod pack 1 Fix pack 5 interim fix 43| 7.1.1.5-WS-ODM_DS-IF043
v7.5| Fix pack 3 Interim Fix 41| 7.5.0.3-WS-ODM_DS-IF041
v8.0| Mod pack 1 Fix pack 2 interim fix 34| 8.0.1.2-WS-ODM_DS-IF034
v8.5| Mod pack 1 Fix pack 1 Interim Fix 43| 8.5.1.1-WS-ODM_DS-IF043
v8.6| interim fix 8| 8.6.0.0-WS-ODM_DSR-IF008

Workarounds and Mitigations

None known. Apply the fixes.
