Vulnerability Description
IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Tivoli Endpoint Manager | 9.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/58672
- http://secunia.com/advisories/58906
- http://www-01.ibm.com/support/docview.wss?uid=swg21673961
- http://www-01.ibm.com/support/docview.wss?uid=swg21673967Vendor Advisory
- http://www.securitytracker.com/id/1030508
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93630
- http://secunia.com/advisories/58672
- http://secunia.com/advisories/58906
- http://www-01.ibm.com/support/docview.wss?uid=swg21673961
- http://www-01.ibm.com/support/docview.wss?uid=swg21673967Vendor Advisory
- http://www.securitytracker.com/id/1030508
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93630
FAQ
What is CVE-2014-3066?
CVE-2014-3066 is a vulnerability with a CVSS score of 5.0 (MEDIUM). IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, relate...
How severe is CVE-2014-3066?
CVE-2014-3066 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3066?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Tivoli Endpoint Manager.