Red Hat · Red Hat Jboss Data Virtualization · CVE-2014-0171
**Name of the Vulnerable Software and Affected Versions**
Red Hat JBoss Data Virtualization versions prior to 6.0.0 patch 4
**Description**
The issue allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, specifically due to an XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j.
**Recommendations**
For versions prior to 6.0.0 patch 4, update to version 6.0.0 patch 4 or later to resolve the issue.