CVE-2014-3066

IBM Tivoli Endpoint Manager 9.1 - Exposure of Sensitive Information via XML External Entity Injection

Title source: llm
STIX 2.1

Description

IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References (6)

Core 6
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58672
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58906
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21673967
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030508
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21673961
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/93630

Scores

EPSS 0.0243
EPSS Percentile 82.3%

Details

CWE
CWE-200
Status published
Products (1)
ibm/tivoli_endpoint_manager 9.1
Published Jul 02, 2014
Tracked Since Feb 18, 2026