CVE-2016-6111

CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

9.1CRITICAL

EPSS

0.4%

top 38.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Cram Social Program Management IBM Curam Social Program Management

Timeline

PublishedMar 31

Latest updateMay 17

Description

IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶NVDibm/curam_social_program_management36 versions+35

▶CVEListV5ibm_corporation/cram_social_program_management13 versions+12

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-c496-j49j-763x: IBM Curam Social Program Management 6↗2022-05-17

▶

CVEList

CVE-2016-6111: IBM Curam Social Program Management 6↗2017-03-31

▶