← Back

CVE-2014-4814

nvd nist
Published: Oct 28, 2014Modified: May 6, 2026

JSON object

Loading...
3.5
Vector
AV:N/AC:M/Au:S/C:N/I:N/A:P
Exploitability: 6.8 / Impact: 2.9
Source: NVD

Description

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Affected (17)

Ibm
1 product
Websphere Portal
Configuration A
17 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Websphere Portal
Version 6.1.0.0
Websphere Portal
Version 6.1.0.1
Websphere Portal
Version 6.1.0.2
Websphere Portal
Version 6.1.0.3
Websphere Portal
Version 6.1.0.4
Websphere Portal
Version 6.1.0.5
Websphere Portal
Version 6.1.0.6
Websphere Portal
Version 6.1.5.0
Websphere Portal
Version 6.1.5.1
Websphere Portal
Version 6.1.5.2
Websphere Portal
Version 6.1.5.3
Websphere Portal
Version 7.0.0.0
Websphere Portal
Version 7.0.0.1
Websphere Portal
Version 7.0.0.2
Websphere Portal
Version 8.0.0.0
Websphere Portal
Version 8.0.0.1
Websphere Portal
Version 8.5.0.0

Related CWEs

CWE-399
CWE-399

References (10)

Source: psirt@us.ibm.com
Source: psirt@us.ibm.com
Source: psirt@us.ibm.com
PatchVendor Advisory
Source: psirt@us.ibm.com
Source: psirt@us.ibm.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.