CVE-2014-6114

Published: Dec 11, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected (5)

Products: Ibm: Operational Decision Manager, Websphere Ilog Jrules, Websphere Operational Decision Management

Ibm

3 products

Operational Decision Manager

Websphere Ilog Jrules

Websphere Operational Decision Management

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Operational Decision Manager	Version 8.0
Ibm Operational Decision Manager	Version 8.5
Ibm Operational Decision Manager	Version 8.6
Ibm Websphere Ilog Jrules	Version 7.1
Ibm Websphere Operational Decision Management	Version 7.5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21691815

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/96211

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21691815

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/96211

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.