ID CVE-2014-6166
Summary The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.0.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.0.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.0.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.0.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.0.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 08-09-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
aixapar
  • PI25310
  • PI28632
confirm http://www-01.ibm.com/support/docview.wss?uid=swg21690185
xf ibm-websphere-cve20146166-info-disc(97746)
Last major update 08-09-2017 - 01:29
Published 18-12-2014 - 16:59
Last modified 08-09-2017 - 01:29