CVE-2016-9706

Severity
9.1 CRITICAL
EPSS
0.4%
top 39.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 15
Latest update: May 17

Description

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 3.9 | Impact: 5.2

Affected Packages: 3 packages

Patches

🔴Vulnerability Details

2
GHSA
GHSA-47c8-72rj-qg9x: IBM Integration Bus 9 (2022-05-17)
CVEList
CVE-2016-9706: IBM Integration Bus 9 (2017-02-15)