CVE-2016-6111

9.1CRITICAL

Key Information:

Vendor: IBM
Status: Cram Social Program Management
Vendor: CVE Published:; 31 March 2017

Summary

IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833.

Affected Version(s)

Cram Social Program Management 6.0.4

Cram Social Program Management 6.0.5

Cram Social Program Management 6.0

References

http://www.ibm.com/support/docview.wss?uid=swg22000833

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97244

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2017
Vulnerability Reserved
Jun 29, 2016