CVE-2016-2908

CWE-611 — XML External Entity (XXE)4 documents4 sources

Severity

9.1CRITICAL

EPSS

0.9%

top 23.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Access Manager IBM Security Access Manager 9.0 Firmware IBM Security Access Manager FOR Mobile 8.0 Firmware +1 more

Timeline

PublishedFeb 1

Latest updateMay 13

Description

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶NVDibm/security_access_manager8 versions+7

▶CVEListV5ibm_corporation/access_manager16 versions+15

▶NVDibm/security_access_manager_9.0_firmware9.0.0, 9.0.0.1, 9.0.1.0+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-8xx8-9g4g-c4q2: IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when process↗2022-05-13

▶

CVEList

CVE-2016-2908: IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when process↗2017-02-01

▶

OSV

linux-lts-wily regression↗2016-02-27

▶