CVE-2016-8974XML External Entity (XXE) Injection in Corporation Rational Rhapsody Design Manager

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.4%
top 40.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Corporation Rational Rhapsody Design ManagerIBM Rational Rhapsody Design Manager
Timeline
PublishedFeb 23
Latest updateMay 17

Description

IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-2qj5-wjfc-3w96: IBM Rhapsody DM 42022-05-17
CVEList
CVE-2016-8974: IBM Rhapsody DM 42017-02-23
CVE-2016-8974 — XML External Entity (XXE) Injection | cvebase