A vulnerability in the Castor Project Castor library affects the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server.
CVE ID: CVE-2014-3004
Description: Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93519> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench versions:
The fixes for the CVE(s) mentioned above have been incorporated into the 1.3.3 release of the Castor library, and are included in a set of new fixpacks available from IBM.
Upgrade your installation as follows:
Visit IBM Fix Central to search for, download and apply the following fixpacks for your version of the product:
None
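To confirm that no copy of the Castor library older than the 1.3.3 release named above remains after patching, an inventory check such as the following can be run over an installation directory. This is an added example, not IBM or Castor Project code; it assumes Maven-style jar names (`castor[-module]-<version>.jar`), looks only one level inside WAR/EAR/ZIP archives, and conservatively treats 1.3.3 pre-releases as unfixed.

```python
import re
import zipfile
from pathlib import Path

FIXED = (1, 3, 3)  # Castor release the bulletin names as containing the fix
# Assumed naming: castor[-module]-<version>[-qualifier].jar (Maven style)
JAR_RE = re.compile(
    r"^castor(?:-[a-z]+)*-(\d+(?:\.\d+)*)((?:[.-][a-z]\w*)*)\.jar$", re.I)
PRE_RE = re.compile(r"[.-](?:rc|alpha|beta|snapshot)", re.I)
ARCHIVES = {".war", ".ear", ".zip"}


def castor_version(filename):
    """Return (version_tuple, is_prerelease), or None if not a Castor jar."""
    m = JAR_RE.match(filename)
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad 1.2 -> 1.2.0
    return nums, bool(PRE_RE.search(m.group(2)))


def is_unfixed(filename):
    """True for a Castor jar older than 1.3.3. Pre-releases such as
    1.3.3-rc1 are counted as older (conservative assumption)."""
    parsed = castor_version(filename)
    if parsed is None:
        return False
    nums, prerelease = parsed
    return nums < FIXED or (nums == FIXED and prerelease)


def scan(root):
    """List unfixed Castor jars on disk and one level inside archives."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        if is_unfixed(path.name):
            hits.append(str(path))
        elif path.suffix.lower() in ARCHIVES:
            try:
                with zipfile.ZipFile(path) as zf:
                    hits += [f"{path}!{n}" for n in zf.namelist()
                             if is_unfixed(n.rsplit("/", 1)[-1])]
            except zipfile.BadZipFile:
                pass  # unreadable archive: skip, keep scanning
    return hits
```

Call `scan()` with the product installation directory; an empty list means no jar matching the assumed naming is older than 1.3.3. Renamed or repackaged copies of the library will not be found by a filename check.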