CVE-2016-0319

Name of the Vulnerable Software and Affected Versions IBM Jazz Reporting Service versions 6.0 through 6.0.1 before 6.0.1 iFix006

Description The issue concerns an XML External Entity (XXE) problem in the XML parser of the Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service. This allows remote authenticated administrators to read arbitrary files or cause a denial of service by using an XML document that contains an external entity declaration in conjunction with an entity reference.

Recommendations For IBM Jazz Reporting Service versions 6.0 through 6.0.1 before 6.0.1 iFix006, apply the 6.0.1 iFix006 patch to resolve the issue.