exploitDog

CVE-2014-0854

Опубликовано: 22 фев. 2014

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:cognos_business_intelligence:8.4.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_business_intelligence:10.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_business_intelligence:10.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_business_intelligence:10.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_business_intelligence:10.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cognos_business_intelligence:10.2.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00217

Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-84f5-pfh3-xh7j

github

больше 3 лет назад

The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

EPSS

Процентиль: 44%

0.00217

Низкий

5 Medium

CVSS2

Дефекты

CWE-264