XML External Entity Vulnerability in IBM Rational Products
CVE-2016-0284

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Rational Software Architect Design Manager
Vendor: CVE Published:; 24 November 2016

Summary

An XML External Entity vulnerability exists in several IBM Rational products due to an insecure XML parser configuration. This flaw can potentially allow remote authenticated users to exploit XML documents containing external entity declarations, enabling them to read arbitrary files on the server or trigger a denial-of-service condition. Organizations utilizing affected versions should promptly apply security fixes to safeguard their environments against these risks.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21991478

x_refsource_CONFIRM

http://www.securityfocus.com/bid/94555

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 24, 2016
Vulnerability Reserved
Dec 8, 2015