Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.0
CVE Id: CVE-2014-6212
Last Modified: 12 Jan 2015 04:31:51
Published: 09 Jan 2015 09:59:28
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2014-6212

Summary

The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Systems

Application

  • IBM Emptoris Contract Management 10.0.0.0
  • IBM Emptoris Contract Management 10.0.0.1
  • IBM Emptoris Contract Management 10.0.1.0
  • IBM Emptoris Contract Management 10.0.1.1
  • IBM Emptoris Contract Management 10.0.1.2
  • IBM Emptoris Contract Management 10.0.1.3
  • IBM Emptoris Contract Management 10.0.1.4
  • IBM Emptoris Contract Management 10.0.1.5
  • IBM Emptoris Contract Management 10.0.2.0
  • IBM Emptoris Contract Management 10.0.2.1
  • IBM Emptoris Contract Management 10.0.2.2
  • IBM Emptoris Contract Management 9.5.0.0
  • IBM Emptoris Contract Management 9.5.0.1
  • IBM Emptoris Contract Management 9.5.0.2
  • IBM Emptoris Contract Management 9.5.0.3
  • IBM Emptoris Contract Management 9.5.0.4
  • IBM Emptoris Contract Management 9.5.0.5
  • IBM Emptoris Contract Management 9.5.0.6
  • IBM Emptoris Program Management 10.0.0.0
  • IBM Emptoris Program Management 10.0.0.1
  • IBM Emptoris Program Management 10.0.0.2
  • IBM Emptoris Program Management 10.0.0.3
  • IBM Emptoris Program Management 10.0.1.0
  • IBM Emptoris Program Management 10.0.1.1
  • IBM Emptoris Program Management 10.0.1.2
  • IBM Emptoris Program Management 10.0.1.3
  • IBM Emptoris Program Management 10.0.1.4
  • IBM Emptoris Program Management 10.0.2.0
  • IBM Emptoris Program Management 10.0.2.1
  • IBM Emptoris Program Management 10.0.2.2
  • IBM Emptoris Program Management 10.0.2.3
  • IBM Emptoris Program Management 10.0.2.4
  • IBM Emptoris Sourcing Portfolio 10.0.0.0
  • IBM Emptoris Sourcing Portfolio 10.0.0.1
  • IBM Emptoris Sourcing Portfolio 10.0.1.0
  • IBM Emptoris Sourcing Portfolio 10.0.1.1
  • IBM Emptoris Sourcing Portfolio 10.0.1.2
  • IBM Emptoris Sourcing Portfolio 10.0.1.3
  • IBM Emptoris Sourcing Portfolio 10.0.2.0
  • IBM Emptoris Sourcing Portfolio 10.0.2.2
  • IBM Emptoris Sourcing Portfolio 10.0.2.3
  • IBM Emptoris Sourcing Portfolio 10.0.2.4
  • IBM Emptoris Sourcing Portfolio 9.5.0.0
  • IBM Emptoris Sourcing Portfolio 9.5.0.1
  • IBM Emptoris Sourcing Portfolio 9.5.0.2
  • IBM Emptoris Sourcing Portfolio 9.5.1.0
  • IBM Emptoris Sourcing Portfolio 9.5.1.1
  • IBM Emptoris Sourcing Portfolio 9.5.1.2
  • IBM Emptoris Sourcing Portfolio 9.5.1.3
  • IBM Emptoris Strategic Supply Management


References

XF - ibm-emptoris-cve20146212-xxe(98689)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21693069


Last Updated: 27 May 2016 11:07:29