XML External Entity Vulnerability in IBM Forms Experience Builder
CVE-2016-0369
2.7LOW
Summary
An XML external entity (XXE) vulnerability was identified in IBM Forms Experience Builder versions 8.5, 8.5.1, and 8.6. This vulnerability enables remote authenticated users to exploit crafted XML data, potentially leading to the unauthorized exposure of sensitive information. Proper validation and sanitization of XML input are crucial to mitigate this risk and protect users' data integrity.
References
CVSS V3.1
Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved