CVE-2016-0245

5 documents4 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 45.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Portal
Timeline
PublishedFeb 29
Latest updateMay 17

Description

The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

NVDibm/websphere_portal8.0.0.0, 8.0.0.1, 8.5.0.0+2

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-83gx-v8hg-mghf: The XML parser in IBM WebSphere Portal 82022-05-17
CVEList
CVE-2016-0245: The XML parser in IBM WebSphere Portal 82016-02-29
CVE-2016-0245 (MEDIUM CVSS 5.4) | The XML parser in IBM WebSphere Por | cvebase.io