Denial of Service Vulnerability in IBM Integration Bus and WebSphere Message Broker
CVE-2016-9706
9.1 CRITICAL
Summary
A vulnerability exists in IBM Integration Bus and WebSphere Message Broker due to improper handling of XML data. It allows a remote attacker to perform XML External Entity (XXE) injection, potentially leading to denial of service conditions. Exploitation may result in the disclosure of sensitive data or the exhaustion of system memory resources, thereby affecting application performance.
Affected Version(s)
Integration Bus 9.0.0.0
Integration Bus 9.0
Integration Bus 10
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved