CVE-2014-4769
First published: Wed Nov 05 2014(Updated: )
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Commerce | =6.0.0.0 | |
| IBM WebSphere Commerce | =6.0.0.1 | |
| IBM WebSphere Commerce | =6.0.0.2 | |
| IBM WebSphere Commerce | =6.0.0.3 | |
| IBM WebSphere Commerce | =6.0.0.4 | |
| IBM WebSphere Commerce | =6.0.0.5 | |
| IBM WebSphere Commerce | =6.0.0.6 | |
| IBM WebSphere Commerce | =6.0.0.7 | |
| IBM WebSphere Commerce | =6.0.0.8 | |
| IBM WebSphere Commerce | =6.0.0.9 | |
| IBM WebSphere Commerce | =6.0.0.10 | |
| IBM WebSphere Commerce | =6.0.0.11 | |
| IBM WebSphere Commerce | =7.0 | |
| IBM WebSphere Commerce | =7.0.0.1 | |
| IBM WebSphere Commerce | =7.0.0.2 | |
| IBM WebSphere Commerce | =7.0.0.3 | |
| IBM WebSphere Commerce | =7.0.0.4 | |
| IBM WebSphere Commerce | =7.0.0.5 | |
| IBM WebSphere Commerce | =7.0.0.6 | |
| IBM WebSphere Commerce | =7.0.0.7 | |
| IBM WebSphere Commerce | =7.0.0.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-4769?
CVE-2014-4769 has a medium severity rating, allowing remote authenticated users to potentially read arbitrary files.
How do I fix CVE-2014-4769?
To fix CVE-2014-4769, apply the latest patch released by IBM for the affected versions of WebSphere Commerce.
Which versions of IBM WebSphere Commerce are affected by CVE-2014-4769?
CVE-2014-4769 affects IBM WebSphere Commerce versions 6.x up to 6.0.0.11 and 7.x up to 7.0.0.8.
What type of attack does CVE-2014-4769 enable?
CVE-2014-4769 allows attackers to perform XML External Entity (XXE) attacks, which can lead to exposure of sensitive information.
Who can exploit CVE-2014-4769?
CVE-2014-4769 can be exploited by remote authenticated users, making it imperative to secure user access.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm websphere commerce
- version/ibm websphere commerce/6.0.0.0
- version/ibm websphere commerce/6.0.0.1
- version/ibm websphere commerce/6.0.0.2
- version/ibm websphere commerce/6.0.0.3
- version/ibm websphere commerce/6.0.0.4
- version/ibm websphere commerce/6.0.0.5
- version/ibm websphere commerce/6.0.0.6
- version/ibm websphere commerce/6.0.0.7
- version/ibm websphere commerce/6.0.0.8
- version/ibm websphere commerce/6.0.0.9
- version/ibm websphere commerce/6.0.0.10
- version/ibm websphere commerce/6.0.0.11
- version/ibm websphere commerce/7.0
- version/ibm websphere commerce/7.0.0.1
- version/ibm websphere commerce/7.0.0.2
- version/ibm websphere commerce/7.0.0.3
- version/ibm websphere commerce/7.0.0.4
- version/ibm websphere commerce/7.0.0.5
- version/ibm websphere commerce/7.0.0.6
- version/ibm websphere commerce/7.0.0.7
- version/ibm websphere commerce/7.0.0.8