| Vulnerability Name: | CVE-2016-9706 (CCN-119580) | ||||||||||||
| Assigned: | 2016-12-01 | ||||||||||||
| Published: | 2017-02-13 | ||||||||||||
| Updated: | 2017-03-07 | ||||||||||||
| Summary: | IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. | ||||||||||||
| CVSS v3 Severity: | 9.1 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) 7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 8.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-611 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-9706 Source: CCN Type: IBM Security Bulletin 1997918 (Integration Bus) IBM Integration Bus and WebSphere Message Broker SOAP FLOWS are vulnerable to XML external entity attack (CVE-2016-9706) Source: CONFIRM Type: Patch, Vendor Advisory http://www.ibm.com/support/docview.wss?uid=swg21997918 Source: BID Type: UNKNOWN 96274 Source: XF Type: UNKNOWN ibm-ibus-cve20169706-info-disc(119580) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||