CVE-2016-3027: IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A…

medium6.5CVSS 3.0

AVNACLPRHUINSUCHINAH

IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.

Affected

35 ranges· showing 25

Vendor	Product	Version range	Fixed in
ibm	security_access_manager_9.0_firmware	—	—
ibm	security_access_manager_9.0_firmware	—	—
ibm	security_access_manager_9.0_firmware	—	—
ibm	security_access_manager_for_mobile_8.0_firmware	—	—
ibm	security_access_manager_for_mobile_8.0_firmware	—	—
ibm	security_access_manager_for_mobile_8.0_firmware	—	—
ibm	security_access_manager_for_mobile_8.0_firmware	—	—
ibm	security_access_manager_for_mobile_8.0_firmware	—	—
ibm	security_access_manager_for_mobile_8.0_firmware	—	—
ibm	security_access_manager_for_mobile_8.0_firmware	—	—
ibm	security_access_manager_for_mobile_8.0_firmware	—	—
ibm	security_access_manager_for_web_8.0_firmware	—	—
ibm	security_access_manager_for_web_8.0_firmware	—	—
ibm	security_access_manager_for_web_8.0_firmware	—	—
ibm	security_access_manager_for_web_8.0_firmware	—	—
ibm	security_access_manager_for_web_8.0_firmware	—	—
ibm	security_access_manager_for_web_8.0_firmware	—	—
ibm	security_access_manager_for_web_8.0_firmware	—	—
ibm	security_access_manager_for_web_8.0_firmware	—	—
ibm_corporation	access_manager	—	—
ibm_corporation	access_manager	—	—
ibm_corporation	access_manager	—	—
ibm_corporation	access_manager	—	—
ibm_corporation	access_manager	—	—
ibm_corporation	access_manager	—	—