CVE-2014-6170

IBM Integration Bus and WebSphere Message Broker - Exposure of Sensitive Information via HTTPInput Node SOAP Fault

Title source: llm
STIX 2.1

Description

The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by triggering a SOAP fault.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98309
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT01929
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21690725

Scores

EPSS 0.0135
EPSS Percentile 68.2%

Details

CWE
CWE-200
Status published
Products (18)
ibm/integration_bus 9.0
ibm/integration_bus 9.0.0.1
ibm/integration_bus 9.0.0.2
ibm/integration_bus 9.0.0.3
ibm/websphere_message_broker 7.0.
ibm/websphere_message_broker 7.0.0.1
ibm/websphere_message_broker 7.0.0.2
ibm/websphere_message_broker 7.0.0.3
ibm/websphere_message_broker 7.0.0.4
ibm/websphere_message_broker 7.0.0.5
... and 8 more
Published Feb 02, 2015
Tracked Since Feb 18, 2026