CVE-2014-6166

First published: Thu Dec 18 2014(Updated: )

The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Credit: psirt@us.ibm.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/references
• agent/severity
• agent/author
• agent/type
• agent/description
• agent/event
• agent/last-modified-date
• agent/tags
• agent/first-publish-date
• agent/softwarecombine
• collector/mitre-cve
• source/MITRE
• vendor/ibm
• canonical/ibm websphere application server
• version/ibm websphere application server/8.0.0.0
• version/ibm websphere application server/8.0.0.1
• version/ibm websphere application server/8.0.0.2
• version/ibm websphere application server/8.0.0.3
• version/ibm websphere application server/8.0.0.4
• version/ibm websphere application server/8.0.0.5
• version/ibm websphere application server/8.0.0.6
• version/ibm websphere application server/8.0.0.7
• version/ibm websphere application server/8.0.0.8
• version/ibm websphere application server/8.0.0.9
• version/ibm websphere application server/8.5.0.0
• version/ibm websphere application server/8.5.0.1
• version/ibm websphere application server/8.5.0.2
• version/ibm websphere application server/8.5.5.0
• version/ibm websphere application server/8.5.5.1
• version/ibm websphere application server/8.5.5.2
• version/ibm websphere application server/8.5.5.3