CVE-2014-3066

high

Description

IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/93630

http://www.securitytracker.com/id/1030508

http://www-01.ibm.com/support/docview.wss?uid=swg21673967

http://www-01.ibm.com/support/docview.wss?uid=swg21673961

http://secunia.com/advisories/58906

http://secunia.com/advisories/58672

Details

Source: Mitre, NVD

Published: 2014-07-02

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

Detections

Analytics