CVE-2014-3066
IBM Tivoli Endpoint Manager 9.1 - Exposure of Sensitive Information via XML External Entity Injection
Title source: llmDescription
IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References (6)
Core 6
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/58672
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/58906
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21673967
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030508
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21673961
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/93630
Scores
EPSS
0.0243
EPSS Percentile
82.3%
Details
CWE
CWE-200
Status
published
Products (1)
ibm/tivoli_endpoint_manager
9.1
Published
Jul 02, 2014
Tracked Since
Feb 18, 2026