PT-2014-7050 · IBM · WebSphere Operational Decision Management +2

Published: 2014-12-11 · Updated: 2017-09-08 · CVE-2014-6114

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM WebSphere ILOG JRules version 7.1 before MP1 FP5 IF43
WebSphere Operational Decision Management versions 7.5 before FP3 IF41
Operational Decision Manager versions 8.0 before MP1 FP2 IF34
Operational Decision Manager versions 8.5 before MP1 FP1 IF43
Operational Decision Manager versions 8.6 before IF8

Description

The issue allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Recommendations

For IBM WebSphere ILOG JRules version 7.1, update to MP1 FP5 IF43 or later.
For WebSphere Operational Decision Management version 7.5, update to FP3 IF41 or later.
For Operational Decision Manager version 8.0, update to MP1 FP2 IF34 or later.
For Operational Decision Manager version 8.5, update to MP1 FP1 IF43 or later.
For Operational Decision Manager version 8.6, update to IF8 or later.

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2014-6114

Affected products

IBM WebSphere ILOG JRules
IBM Operational Decision Manager
WebSphere Operational Decision Management