CVE-2016-9706

Name of the Vulnerable Software and Affected Versions IBM Integration Bus versions 9.0 through 10.0 WebSphere Message Broker SOAP FLOWS (affected versions not specified)

Description The issue is caused by an XML External Entity Injection (XXE) error when processing XML data, which can lead to a denial of service. A remote attacker could exploit this to expose highly sensitive information or consume all available memory resources.

Recommendations For IBM Integration Bus versions 9.0 through 10.0, update to a version that includes the fix for the XML External Entity Injection (XXE) error. For WebSphere Message Broker SOAP FLOWS, at the moment, there is no information about a newer version that contains a fix for this vulnerability.