Denial of Service Vulnerability in IBM Curam Social Program Management
CVE-2016-6111

9.1CRITICAL

Key Information:

Vendor: IBM
Status: Cram Social Program Management
Vendor: CVE Published:; 31 March 2017

What is CVE-2016-6111?

The XML External Entity Injection vulnerability in IBM Curam Social Program Management versions 6.0 and 7.0 allows remote attackers to exploit the system through crafted XML data. This flaw may lead to unauthorized access to sensitive information and potential denial of service due to excessive resource consumption. Securing applications against such vulnerabilities is crucial to protect sensitive data and ensure system reliability.

Affected Version(s)

Cram Social Program Management 6.0.4

Cram Social Program Management 6.0.5

Cram Social Program Management 6.0

References

http://www.ibm.com/support/docview.wss?uid=swg22000833

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97244

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2017
Vulnerability Reserved
Jun 29, 2016