Vulnerability in JBoss Teiid
CVE-2014-0170
Teiid before 8.4.3 and before 8.7, and Red Hat JBoss Data Virtualization 6.0.0 before patch 3, allow remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue.
EPSS: 0.005 (67.6th percentile)
Affected products
- JBoss Teiid — versions 8.4
- Red Hat JBoss Data Virtualization
- N/a — versions n/a
References
- jboss-data-cve20140170-info-disc(96192) (vdb-entry, x_refsource_XF)
- 61530 (x_refsource_SECUNIA, third-party-advisory)
- 1030886 (vdb-entry, x_refsource_SECTRACK)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- RHSA-2014:1284 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)