What is the severity of CVE-2014-3087?

CVE-2014-3087 has a severity rating that varies based on the specific deployment, but it is generally considered as high due to the ability of authenticated users to exploit the vulnerability.

How do I fix CVE-2014-3087?

To fix CVE-2014-3087, IBM recommends updating to the latest version of the Business Process Manager or applying the appropriate security patches provided for affected versions.

Who is affected by CVE-2014-3087?

CVE-2014-3087 affects users of IBM Business Process Manager versions 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5.

What type of vulnerability is CVE-2014-3087?

CVE-2014-3087 is an XML External Entity (XXE) vulnerability that allows for arbitrary file reading.

Can CVE-2014-3087 be exploited remotely?

Yes, CVE-2014-3087 can be exploited remotely by authenticated users, enabling them to read arbitrary files on the server.

Vulnerability/
CVE-2014-3087

medium

CWE

200

17/8/2014

6/8/2024

CVE-2014-3087: Infoleak

First published: Sun Aug 17 2014(Updated: )

callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Business Process Manager	=7.5.0.0
IBM Business Process Manager	=7.5.0.1
IBM Business Process Manager	=7.5.1.0
IBM Business Process Manager	=7.5.1.1
IBM Business Process Manager	=7.5.1.2
IBM Business Process Manager	=8.0.0.0
IBM Business Process Manager	=8.0.1.0
IBM Business Process Manager	=8.0.1.1
IBM Business Process Manager	=8.0.1.2
IBM Business Process Manager	=8.5.0.0
IBM Business Process Manager	=8.5.0.1
IBM Business Process Manager	=8.5.5.0
Ibm Websphere Application Server	=7.2

Remedy

http://www-01.ibm.com/support/docview.wss?uid=swg21679726

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-3087?
CVE-2014-3087 has a severity rating that varies based on the specific deployment, but it is generally considered as high due to the ability of authenticated users to exploit the vulnerability.
How do I fix CVE-2014-3087?
To fix CVE-2014-3087, IBM recommends updating to the latest version of the Business Process Manager or applying the appropriate security patches provided for affected versions.
Who is affected by CVE-2014-3087?
CVE-2014-3087 affects users of IBM Business Process Manager versions 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5.
What type of vulnerability is CVE-2014-3087?
CVE-2014-3087 is an XML External Entity (XXE) vulnerability that allows for arbitrary file reading.
Can CVE-2014-3087 be exploited remotely?
Yes, CVE-2014-3087 can be exploited remotely by authenticated users, enabling them to read arbitrary files on the server.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/author
agent/remedy
agent/last-modified-date
agent/weakness
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/ibm
canonical/ibm business process manager
version/ibm business process manager/7.5.0.0
version/ibm business process manager/7.5.0.1
version/ibm business process manager/7.5.1.0
version/ibm business process manager/7.5.1.1
version/ibm business process manager/7.5.1.2
version/ibm business process manager/8.0.0.0
version/ibm business process manager/8.0.1.0
version/ibm business process manager/8.0.1.1
version/ibm business process manager/8.0.1.2
version/ibm business process manager/8.5.0.0
version/ibm business process manager/8.5.0.1
version/ibm business process manager/8.5.5.0
canonical/ibm websphere application server
version/ibm websphere application server/7.2

Frequently Asked Questions

What is the severity of CVE-2014-3087?
CVE-2014-3087 has a severity rating that varies based on the specific deployment, but it is generally considered as high due to the ability of authenticated users to exploit the vulnerability.
How do I fix CVE-2014-3087?
To fix CVE-2014-3087, IBM recommends updating to the latest version of the Business Process Manager or applying the appropriate security patches provided for affected versions.
Who is affected by CVE-2014-3087?
CVE-2014-3087 affects users of IBM Business Process Manager versions 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5.
What type of vulnerability is CVE-2014-3087?
CVE-2014-3087 is an XML External Entity (XXE) vulnerability that allows for arbitrary file reading.
Can CVE-2014-3087 be exploited remotely?
Yes, CVE-2014-3087 can be exploited remotely by authenticated users, enabling them to read arbitrary files on the server.

CVE-2014-3087: Infoleak

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-3087?

How do I fix CVE-2014-3087?

Who is affected by CVE-2014-3087?

What type of vulnerability is CVE-2014-3087?

Can CVE-2014-3087 be exploited remotely?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2014-3087?

How do I fix CVE-2014-3087?

Who is affected by CVE-2014-3087?

What type of vulnerability is CVE-2014-3087?

Can CVE-2014-3087 be exploited remotely?