PT-2015-4494 · Ibm · Ibm Websphere Commerce

Published

2015-03-13

Updated

2015-09-11

CVE-2015-0133

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM WebSphere Commerce versions 7.0 Feature Pack 4 through 8

Description The issue allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Recommendations For IBM WebSphere Commerce versions 7.0 Feature Pack 4 through 8, update to a version that fixes the XML External Entity (XXE) issue to prevent remote attackers from reading arbitrary files and obtaining administrative privileges.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2015-0133

Affected Products

Ibm Websphere Commerce

PT-2015-4494 · Ibm · Ibm Websphere Commerce

CVE-2015-0133

Related Identifiers

Affected Products

References · 4