CVE-2014-6170
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
02/02/2015
Last modified:
12/04/2025
Description
The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by triggering a SOAP fault.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:integration_bus:9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:integration_bus:9.0.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:websphere_message_broker:7.0.:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:websphere_message_broker:7.0.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:websphere_message_broker:7.0.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:websphere_message_broker:7.0.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:websphere_message_broker:7.0.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:websphere_message_broker:7.0.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:websphere_message_broker:7.0.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:websphere_message_broker:7.0.0.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT01929
- http://www-01.ibm.com/support/docview.wss?uid=swg21690725
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98309
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT01929
- http://www-01.ibm.com/support/docview.wss?uid=swg21690725
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98309