CVE-2015-0133

Name of the Vulnerable Software and Affected Versions IBM WebSphere Commerce versions 7.0 Feature Pack 4 through 8

Description The issue allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Recommendations For IBM WebSphere Commerce versions 7.0 Feature Pack 4 through 8, update to a version that fixes the XML External Entity (XXE) issue to prevent remote attackers from reading arbitrary files and obtaining administrative privileges.