The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x prior to 8.0.0.10 and 8.5.x prior to 8.5.5.4, and Feature Pack for CEA 1.x prior to 1.0.0.15, allows remote malicious users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm websphere application server 8.0.0.0 |
||
ibm websphere application server 8.0.0.1 |
||
ibm websphere application server 8.0.0.8 |
||
ibm websphere application server 8.0.0.9 |
||
ibm websphere application server 8.5.5.3 |
||
ibm websphere application server 8.0.0.6 |
||
ibm websphere application server 8.0.0.7 |
||
ibm websphere application server 8.5.5.1 |
||
ibm websphere application server 8.5.5.2 |
||
ibm websphere application server 8.0.0.4 |
||
ibm websphere application server 8.0.0.5 |
||
ibm websphere application server 8.5.0.2 |
||
ibm websphere application server 8.5.5.0 |
||
ibm websphere application server 8.0.0.2 |
||
ibm websphere application server 8.0.0.3 |
||
ibm websphere application server 8.5.0.0 |
||
ibm websphere application server 8.5.0.1 |