CVE-2016-9691

8.6HIGH

Key Information:

Vendor: IBM
Status: Websphere Cast Iron Cloud Integration
Vendor: CVE Published:; 5 May 2017

Summary

IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515.

Affected Version(s)

WebSphere Cast Iron Cloud integration 7.0.0. 7.5.0.0

References

http://www.securityfocus.com/bid/98338

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=swg21998014

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 5, 2017
Vulnerability Reserved
Dec 1, 2016