PT-2015-4128 · Ibm · Tivoli Asset Discovery For Distributed+1

Publicado

2015-05-20

Atualizado

2017-01-03

CVE-2014-8924

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions IBM License Metric Tool versions 7.2.2 before IF15 and 7.5 before IF24 Tivoli Asset Discovery for Distributed versions 7.2.2 before IF15 and 7.5 before IF24

Description The issue allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Recommendations For IBM License Metric Tool versions 7.2.2 before IF15, apply the IF15 fix or later. For IBM License Metric Tool version 7.5 before IF24, apply the IF24 fix or later. For Tivoli Asset Discovery for Distributed versions 7.2.2 before IF15, apply the IF15 fix or later. For Tivoli Asset Discovery for Distributed version 7.5 before IF24, apply the IF24 fix or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2014-8924

Produtos afetados

Ibm License Metric Tool

Tivoli Asset Discovery For Distributed

PT-2015-4128 · Ibm · Tivoli Asset Discovery For Distributed+1

CVE-2014-8924

Identificadores relacionados

Produtos afetados

Referências · 3