CVE-2014-6170: Infoleak
First published: Mon Feb 02 2015(Updated: )
The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by triggering a SOAP fault.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Integration Bus for z/OS | =9.0 | |
| IBM Integration Bus for z/OS | =9.0.0.1 | |
| IBM Integration Bus for z/OS | =9.0.0.2 | |
| IBM Integration Bus for z/OS | =9.0.0.3 | |
| IBM WebSphere Message Broker | =7.0. | |
| IBM WebSphere Message Broker | =7.0.0.1 | |
| IBM WebSphere Message Broker | =7.0.0.2 | |
| IBM WebSphere Message Broker | =7.0.0.3 | |
| IBM WebSphere Message Broker | =7.0.0.4 | |
| IBM WebSphere Message Broker | =7.0.0.5 | |
| IBM WebSphere Message Broker | =7.0.0.6 | |
| IBM WebSphere Message Broker | =7.0.0.7 | |
| IBM WebSphere Message Broker | =8.0 | |
| IBM WebSphere Message Broker | =8.0.0.1 | |
| IBM WebSphere Message Broker | =8.0.0.2 | |
| IBM WebSphere Message Broker | =8.0.0.3 | |
| IBM WebSphere Message Broker | =8.0.0.4 | |
| IBM WebSphere Message Broker | =8.0.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-6170?
The severity of CVE-2014-6170 is considered medium, as it allows remote attackers to obtain sensitive information.
How do I fix CVE-2014-6170?
To fix CVE-2014-6170, upgrade IBM WebSphere Message Broker or IBM Integration Bus to a version that addresses this vulnerability.
What versions are affected by CVE-2014-6170?
CVE-2014-6170 affects IBM WebSphere Message Broker versions 7.0, 8.0, and IBM Integration Bus version 9.0 prior to their respective fixes.
Can CVE-2014-6170 be exploited remotely?
Yes, CVE-2014-6170 can be exploited remotely by attackers to trigger a SOAP fault and gain sensitive information.
What impact does CVE-2014-6170 have on my IBM software?
CVE-2014-6170 can lead to leakage of sensitive information, which may compromise the security of your IBM WebSphere Message Broker or Integration Bus systems.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm integration bus for z/os
- version/ibm integration bus for z/os/9.0
- version/ibm integration bus for z/os/9.0.0.1
- version/ibm integration bus for z/os/9.0.0.2
- version/ibm integration bus for z/os/9.0.0.3
- canonical/ibm websphere message broker
- version/ibm websphere message broker/7.0.
- version/ibm websphere message broker/7.0.0.1
- version/ibm websphere message broker/7.0.0.2
- version/ibm websphere message broker/7.0.0.3
- version/ibm websphere message broker/7.0.0.4
- version/ibm websphere message broker/7.0.0.5
- version/ibm websphere message broker/7.0.0.6
- version/ibm websphere message broker/7.0.0.7
- version/ibm websphere message broker/8.0
- version/ibm websphere message broker/8.0.0.1
- version/ibm websphere message broker/8.0.0.2
- version/ibm websphere message broker/8.0.0.3
- version/ibm websphere message broker/8.0.0.4
- version/ibm websphere message broker/8.0.0.5