The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
http://www-01.ibm.com/support/docview.wss?uid=swg1PI25310
http://www-01.ibm.com/support/docview.wss?uid=swg1PI28632
Source: MITRE
Published: 2014-12-18
Updated: 2017-09-08
Type: NVD-CWE-Other
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM