CVE-2016-6111

Name of the Vulnerable Software and Affected Versions IBM Curam Social Program Management versions 6.0 through 7.0

Description The issue is caused by an XML External Entity Injection (XXE) error when processing XML data, which could allow a remote attacker to expose highly sensitive information or consume all available memory resources, resulting in a denial of service.

Recommendations For IBM Curam Social Program Management versions 6.0 through 7.0, update to a version that includes a fix for the XML External Entity Injection (XXE) error to prevent denial of service and exposure of sensitive information.