CVE-2016-0288

3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 52.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Appscan
Timeline
PublishedJun 1
Latest updateMay 17

Description

IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDibm/security_appscan11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-f5h4-33c9-4qj2: IBM Security AppScan Standard 82022-05-17
CVEList
CVE-2016-0288: IBM Security AppScan Standard 82016-06-01
CVE-2016-0288 (MEDIUM CVSS 6.5) | IBM Security AppScan Standard 8.7.x | cvebase.io