Vulnerability Description
The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by triggering a SOAP fault.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Integration Bus | 9.0 |
| Ibm | Websphere Message Broker | 7.0. |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT01929
- http://www-01.ibm.com/support/docview.wss?uid=swg21690725Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98309
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT01929
- http://www-01.ibm.com/support/docview.wss?uid=swg21690725Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98309
FAQ
What is CVE-2014-6170?
CVE-2014-6170 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by trigg...
How severe is CVE-2014-6170?
CVE-2014-6170 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-6170?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Integration Bus, Ibm Websphere Message Broker.