CVE-2016-9707XML External Entity (XXE) Injection in Corporation Rational Collaborative Lifecycle Management

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.4%
top 41.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
IBM Corporation Rational Collaborative Lifecycle ManagementIBM Rational Collaborative Lifecycle ManagementIBM Rational Doors Next Generation+5 more
Timeline
PublishedMar 31
Latest updateMay 17

Description

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages8 packages

NVDibm/rational_team_concert17 versions+16
NVDibm/rational_quality_manager17 versions+16

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-wgqf-5547-mc5w: IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data2022-05-17
CVEList
CVE-2016-9707: IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data2017-03-31
CVE-2016-9707 — XML External Entity (XXE) Injection | cvebase