Vulnerability-Lookup

CVE-2014-6212 (GCVE-0-2014-6212)

Vulnerability from cvelistv5 – Published: 2015-01-10 02:00 – Updated: 2024-08-06 12:10

Summary

The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

GHSA-HJ7C-XH4M-FM7W

Vulnerability from github – Published: 2022-05-17 01:14 – Updated: 2022-05-17 01:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-6212"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-01-10T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
  "id": "GHSA-hj7c-xh4m-fm7w",
  "modified": "2022-05-17T01:14:41Z",
  "published": "2022-05-17T01:14:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6212"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2014-6212

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-6212

Aliases

CVE-2014-6212

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-6212",
    "description": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
    "id": "GSD-2014-6212"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-6212"
      ],
      "details": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
      "id": "GSD-2014-6212",
      "modified": "2023-12-13T01:22:50.024785Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2014-6212",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ibm-emptoris-cve20146212-xxe(98689)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6212"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
            },
            {
              "name": "ibm-emptoris-cve20146212-xxe(98689)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-08T01:29Z",
      "publishedDate": "2015-01-10T02:59Z"
    }
  }
}

CNVD-2015-00323

Vulnerability from cnvd - Published: 2015-01-15

Title

多个IBM产品存在XML外部实体信息泄露漏洞

Description

IBM Emptoris Contract Management软件是可实现合同生命周期自动化的解决方案。多个IBM产品存在XML外部实体信息泄露漏洞，攻击者可以利用此漏洞访问敏感信息。

Severity

低

Patch Name

多个IBM产品存在XML外部实体信息泄露漏洞的补丁

Patch Description

IBM Emptoris Contract Management软件是可实现合同生命周期自动化的解决方案。多个IBM产品存在XML外部实体信息泄露漏洞，攻击者可以利用此漏洞访问敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可以联系供应商获得补丁信息： http://www-01.ibm.com/support/docview.wss?uid=swg21693069

Reference

http://www.securityfocus.com/bid/72026 http://www-01.ibm.com/support/docview.wss?uid=swg21693069

Impacted products

Name
['IBM Emptoris Contract Management 9.5.x（<9.5.0.6 iFix11）', 'IBM Emptoris Contract Management 10.0.0.x（<10.0.0.1 iFix12）', 'IBM Emptoris Contract Management 10.0.1.x（<10.0.1.5 iFix2）', 'IBM Emptoris Contract Management 10.0.2.x（<10.0.2.2 iFix5）']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72026"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-6212"
    }
  },
  "description": "IBM Emptoris Contract Management\u8f6f\u4ef6\u662f\u53ef\u5b9e\u73b0\u5408\u540c\u751f\u547d\u5468\u671f\u81ea\u52a8\u5316\u7684\u89e3\u51b3\u65b9\u6848\u3002 \r\n\r\n\u591a\u4e2aIBM\u4ea7\u54c1\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "IBM",
  "formalWay": "\u7528\u6237\u53ef\u4ee5\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21693069",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00323",
  "openTime": "2015-01-15",
  "patchDescription": "IBM Emptoris Contract Management\u8f6f\u4ef6\u662f\u53ef\u5b9e\u73b0\u5408\u540c\u751f\u547d\u5468\u671f\u81ea\u52a8\u5316\u7684\u89e3\u51b3\u65b9\u6848\u3002 \r\n\r\n\u591a\u4e2aIBM\u4ea7\u54c1\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u4e2aIBM\u4ea7\u54c1\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Emptoris Contract Management 9.5.x\uff08\u003c9.5.0.6 iFix11\uff09",
      "IBM Emptoris Contract Management  10.0.0.x\uff08\u003c10.0.0.1 iFix12\uff09",
      "IBM Emptoris Contract Management  10.0.1.x\uff08\u003c10.0.1.5 iFix2\uff09",
      "IBM Emptoris Contract Management  10.0.2.x\uff08\u003c10.0.2.2 iFix5\uff09"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/72026\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21693069",
  "serverity": "\u4f4e",
  "submitTime": "2015-01-14",
  "title": "\u591a\u4e2aIBM\u4ea7\u54c1\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2014-6212

Vulnerability from fkie_nvd - Published: 2015-01-10 02:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21693069	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/98689
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21693069	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/98689

Impacted products

Vendor	Product	Version
ibm	emptoris_sourcing_portfolio	9.5.0.0
ibm	emptoris_sourcing_portfolio	9.5.0.1
ibm	emptoris_sourcing_portfolio	9.5.0.2
ibm	emptoris_sourcing_portfolio	9.5.1.0
ibm	emptoris_sourcing_portfolio	9.5.1.1
ibm	emptoris_sourcing_portfolio	9.5.1.2
ibm	emptoris_sourcing_portfolio	9.5.1.3
ibm	emptoris_sourcing_portfolio	10.0.0.0
ibm	emptoris_sourcing_portfolio	10.0.0.1
ibm	emptoris_sourcing_portfolio	10.0.1.0
ibm	emptoris_sourcing_portfolio	10.0.1.1
ibm	emptoris_sourcing_portfolio	10.0.1.2
ibm	emptoris_sourcing_portfolio	10.0.1.3
ibm	emptoris_sourcing_portfolio	10.0.2.0
ibm	emptoris_sourcing_portfolio	10.0.2.2
ibm	emptoris_sourcing_portfolio	10.0.2.3
ibm	emptoris_sourcing_portfolio	10.0.2.4
ibm	emptoris_program_management	10.0.0.0
ibm	emptoris_program_management	10.0.0.1
ibm	emptoris_program_management	10.0.0.2
ibm	emptoris_program_management	10.0.0.3
ibm	emptoris_program_management	10.0.1.0
ibm	emptoris_program_management	10.0.1.1
ibm	emptoris_program_management	10.0.1.2
ibm	emptoris_program_management	10.0.1.3
ibm	emptoris_program_management	10.0.1.4
ibm	emptoris_program_management	10.0.2.0
ibm	emptoris_program_management	10.0.2.1
ibm	emptoris_program_management	10.0.2.2
ibm	emptoris_program_management	10.0.2.3
ibm	emptoris_program_management	10.0.2.4
ibm	emptoris_contract_management	9.5.0.0
ibm	emptoris_contract_management	9.5.0.1
ibm	emptoris_contract_management	9.5.0.2
ibm	emptoris_contract_management	9.5.0.3
ibm	emptoris_contract_management	9.5.0.4
ibm	emptoris_contract_management	9.5.0.5
ibm	emptoris_contract_management	9.5.0.6
ibm	emptoris_contract_management	10.0.0.0
ibm	emptoris_contract_management	10.0.0.1
ibm	emptoris_contract_management	10.0.1.0
ibm	emptoris_contract_management	10.0.1.1
ibm	emptoris_contract_management	10.0.1.2
ibm	emptoris_contract_management	10.0.1.3
ibm	emptoris_contract_management	10.0.1.4
ibm	emptoris_contract_management	10.0.1.5
ibm	emptoris_contract_management	10.0.2.0
ibm	emptoris_contract_management	10.0.2.1
ibm	emptoris_contract_management	10.0.2.2
ibm	emptoris	strategic_supply_management
ibm	emptoris	strategic_supply_management
ibm	emptoris	strategic_supply_management
ibm	emptoris	strategic_supply_management
ibm	emptoris	strategic_supply_management
ibm	emptoris	strategic_supply_management
ibm	emptoris	strategic_supply_management
ibm	emptoris	strategic_supply_management
ibm	emptoris	strategic_supply_management
ibm	emptoris	strategic_supply_management
ibm	emptoris	strategic_supply_management
ibm	emptoris	strategic_supply_management
ibm	emptoris	strategic_supply_management
ibm	emptoris	strategic_supply_management

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "516752F7-FBA1-4A6B-9BFB-B266024AEBD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C6D86CF-6DCD-4B23-AA59-77780D9F141E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AE02CB-CD39-4A88-8F9E-AFCDFBB9025F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AE268C-C2B0-4FC6-BC81-E1A34F95709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81CAB980-749B-4573-8C2E-A3C4E1313CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D4F224-F077-4C59-B76E-76A41F829B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6F09E04-62B4-4FC6-9A10-9D7ADAF60A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67AA9E6-8E05-4EA6-99ED-51C7F5D11501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E5F066-9DB4-4E4C-B253-6C3FA0386849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E34A7ACD-EF0D-4333-A3A0-8CE4CB132FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5820700D-1124-4BF3-ABF5-AD6271D2480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8BC7A60-CF57-48BA-BDAF-C995E1FFF30F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "64CE689B-1C0B-47BF-811F-9B72165372BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37DB7389-8FF9-4E94-BD94-9685E6AADAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "162FE448-69CA-45B7-A902-A5F3A9966D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6C9636B-D48A-4836-9679-A6E197FB35CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CBC2237-25F5-4526-BB42-74D7CC5997E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E9B1DC9-F22F-41BC-B6C9-4685875F8045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B50FAD1F-069A-48FD-9A8A-F8119AAB7A92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77305FCA-01E4-4737-970A-07C45396A976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "278587DC-3427-4427-9268-61EA751ACD33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4613100D-8070-46FA-8BBF-7A400CDF3418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5373CACA-8948-446C-A21F-324A4A8D57E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08D2BA9-80F9-4CC7-8388-620414472A77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CAB6666-011E-41B9-8996-896CC3D9D499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17ABFA96-BFA3-4C38-9CFB-08BF643A70CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73010A1-5692-49AD-9D64-F8AD988A77A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98991F0-404C-499D-8BE7-07A628D318EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADF55ABA-EA8E-4F11-BCF2-CB560E5AEB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "141AF70C-0AAD-45DC-AF01-FFD86D8D768C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "621FD0A9-C3AA-4114-961E-3B3F587CA3DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F3C251-C3BA-4304-9878-102F3F2FFFCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82DA8E24-DDBC-48E0-A2A3-57E06CDCF85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70478E47-1C52-45E6-92A9-698CA5C25C3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B85D7E5-9D5B-4B77-A032-3BF92C2EF735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85A9BD0-6E1F-4758-AEF3-E10CC4F9FDCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "479D5852-9127-4AB3-82BB-37A552C14781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "991D88E6-740E-4F75-B616-5179B015A9D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88BD708C-D51D-4990-8262-52DB13B7EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "629E78F5-0CEE-4CC2-8C4B-949D15531905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "808FE7AE-3D37-4646-AE54-6D430122DBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "892A2283-35E9-4E61-A6D0-B3AF6FE16869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCDC9134-E550-495D-92E7-81CF72A2CC65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B5470C2-DEB2-4DB9-9637-908FD1A0AE70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6398295F-71CC-41F7-8258-624BC208EF89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D089951B-A834-4B94-9979-F9466AA0A106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6827F5B1-0114-472F-9991-14F8B49D8B94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BAC0A1-FAE0-49F1-AE13-7022122A8E76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB8BBCB-22B3-4C96-9DF9-66163EFBA40D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.0:*:*:*:*:*:*",
              "matchCriteriaId": "204C0EAC-B3B2-4784-9817-B33438E53663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.1:*:*:*:*:*:*",
              "matchCriteriaId": "A273D433-B63F-4BF5-8831-428E8E083F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.2:*:*:*:*:*:*",
              "matchCriteriaId": "01F19980-C76C-412F-9EA7-08F71D947F0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.3:*:*:*:*:*:*",
              "matchCriteriaId": "60E4BFC5-CF3C-480D-8EA7-CAC96060C406",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.0:*:*:*:*:*:*",
              "matchCriteriaId": "C456A948-C87A-4537-80A9-649BF593B3BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.1:*:*:*:*:*:*",
              "matchCriteriaId": "8094CD70-C955-4E1C-A0D3-B9166E24AB34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.2:*:*:*:*:*:*",
              "matchCriteriaId": "A499B3BF-7A08-4BB9-BA54-B16030F24E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.3:*:*:*:*:*:*",
              "matchCriteriaId": "3A3779FD-5E52-4CD4-AE0B-62E9B315AE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.4:*:*:*:*:*:*",
              "matchCriteriaId": "1912BFE3-060C-4C53-ACAB-1A2B04566872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.0:*:*:*:*:*:*",
              "matchCriteriaId": "8051030A-B35F-483D-9D9F-40FE971C840F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.1:*:*:*:*:*:*",
              "matchCriteriaId": "0A90BFE2-578C-40E4-8A52-B8482E53B549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.2:*:*:*:*:*:*",
              "matchCriteriaId": "6935C831-2C4B-4E96-855A-F91C3FDE0749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.3:*:*:*:*:*:*",
              "matchCriteriaId": "59034A1D-ECE9-4A1A-ADC6-1FB37AE29D16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.4:*:*:*:*:*:*",
              "matchCriteriaId": "814D1A05-F245-4AD1-8429-D7577F4F61BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
    },
    {
      "lang": "es",
      "value": "La API Echo en IBM Emptoris Contract Management 9.5.x anterior a 9.5.0.6 iFix11, 10.0.0.x anterior a 10.0.0.1 iFix12, 10.0.1.x anterior a 10.0.1.5 iFix2, y 10.0.2.x anterior a 10.0.2.2 iFix5; Emptoris Sourcing 9.5 anterior a 9.5.1.3 iFix2, 10.0.0.x anterior a 10.0.0.1 iFix1, 10.0.1.x anterior a 10.0.1.3 iFix1, y 10.0.2.x anterior a 10.0.2.5; y Emptoris Program Management (tambi\u00e9n conocido como PGM) y Strategic Supply Management (tambi\u00e9n conocido como SSMP) 10.0.0.x anterior a 10.0.0.3 iFix6, 10.0.1.x anterior a 10.0.1.4 iFix1, y 10.0.2.x anterior a 10.0.2.5 permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de una declaraci\u00f3n de entidad externa XML en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE)."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\" target=\"_blank\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
  "id": "CVE-2014-6212",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-10T02:59:28.227",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-6212 (GCVE-0-2014-6212)

GHSA-HJ7C-XH4M-FM7W

GSD-2014-6212

CNVD-2015-00323

FKIE_CVE-2014-6212

Tags

Sightings

Nomenclature