Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 17/08/2014 Updated: 29/08/2017

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

callService.do in IBM Business Process Manager (BPM) 7.5 up to and including 8.5.5 and WebSphere Lombardi Edition 7.2 up to and including 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm business process manager 8.0.1.0
ibm business process manager 8.0.1.1
ibm business process manager 7.5.0.1
ibm business process manager 7.5.1.0
ibm business process manager 7.5.1.1
ibm business process manager 8.5.0.1
ibm business process manager 8.5.5.0
ibm websphere application server 7.2
ibm business process manager 7.5.0.0
ibm business process manager 8.0.1.2
ibm business process manager 8.5.0.0
ibm business process manager 7.5.1.2
ibm business process manager 8.0.0.0

CWE-200 http://www-01.ibm.com/support/docview.wss?uid=swg21679726 http://www-01.ibm.com/support/docview.wss?uid=swg1JR50616 http://www.securityfocus.com/bid/69264 http://secunia.com/advisories/60757 http://secunia.com/advisories/60755 http://secunia.com/advisories/60752 https://exchange.xforce.ibmcloud.com/vulnerabilities/94112 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-3087

Vulnerability Summary

References

Vulmon Search

About

Products

Connect