CVE-2014-6114

The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Published: 2014-12-11 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2014-6114 is rated Moderate Risk (49.2/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.17%). Core evidence: EPSS rose +1.30% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2014-6114

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.86% 2.17% +1.30%
2 2025-03-30 1.19% 0.86% -0.32%
3 2025-03-29 1.19%

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2014-6114

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
10.0 2.9 [email protected]

Weakness enumeration for CVE-2014-6114

Affected software / configurations for CVE-2014-6114

Vendor Product Version Raw CPE
ibm operational_decision_manager 8.0 cpe:2.3:a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*
ibm operational_decision_manager 8.5 cpe:2.3:a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*
ibm operational_decision_manager 8.6 cpe:2.3:a:ibm:operational_decision_manager:8.6:*:*:*:*:*:*:*
ibm websphere_ilog_jrules 7.1 cpe:2.3:a:ibm:websphere_ilog_jrules:7.1:*:*:*:*:*:*:*
ibm websphere_operational_decision_management 7.5 cpe:2.3:a:ibm:websphere_operational_decision_management:7.5:*:*:*:*:*:*:*

References for CVE-2014-6114

cvelogic Threat Intelligence