Denial of Service Vulnerability in IBM Integration Bus and WebSphere Message Broker
CVE-2016-9706

9.1 CRITICAL

Key Information:

Vendor: IBM
CVE Published: 15 February 2017

Summary

A vulnerability exists in IBM Integration Bus and WebSphere Message Broker due to improper handling of XML data. This issue allows a remote attacker to perform XML External Entity (XXE) injection, potentially leading to denial of service conditions. Exploiting this vulnerability may result in the disclosure of sensitive data or exhaustion of system memory resources, thereby affecting application performance.

Affected Version(s)

Integration Bus 9.0.0.0

Integration Bus 9.0

Integration Bus 10

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
