Denial of Service Vulnerability in IBM Integration Bus and WebSphere Message Broker
CVE-2016-9706

9.1CRITICAL

Key Information:

Vendor: IBM
Status: Integration Bus
Vendor: CVE Published:; 15 February 2017

What is CVE-2016-9706?

A vulnerability exists in IBM Integration Bus and WebSphere Message Broker due to improper handling of XML data. This issue allows a remote attacker to perform XML External Entity Injection, potentially leading to denial of service conditions. Exploiting this vulnerability may result in the disclosure of sensitive data or exhaustion of system memory resources, thereby affecting application performance.

Affected Version(s)

Integration Bus 9.0.0.0

Integration Bus 9.0

Integration Bus 10

References

http://www.securityfocus.com/bid/96274

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=swg21997918

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2017
Vulnerability Reserved
Dec 1, 2016