XXE Vulnerability in IBM Security Privileged Identity Manager Virtual Appliance
CVE-2016-5971

7.1HIGH

Key Information:

Vendor: IBM
Status: Security Privileged Identity Manager Virtual Appliance
Vendor: CVE Published:; 26 September 2016

What is CVE-2016-5971?

The IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance versions before 2.0.2 FP8 are susceptible to an XML External Entity (XXE) vulnerability, enabling remote authenticated users to access arbitrary files or trigger a denial of service due to excessive memory consumption. This vulnerability arises from improper handling of XML data, where maliciously crafted XML documents can exploit external entity declarations to manipulate the application's behavior, leading to sensitive information exposure or service disruption.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21989205

x_refsource_CONFIRM

http://www.securityfocus.com/bid/93081

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2016
Vulnerability Reserved
Jun 29, 2016