PT-2017-9909 · Ibm · Ibm Rhapsody Dm

Publicado

2017-02-23

Atualizado

2017-03-02

CVE-2016-8974

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions IBM Rhapsody DM versions 4.0 through 6.0

Description The issue is caused by an XML External Entity Injection (XXE) error when processing XML data, which could allow a remote attacker to expose highly sensitive information or consume all available memory resources, resulting in a denial of service.

Recommendations For versions 4.0 through 6.0, update to a version that includes the fix for the XML External Entity Injection (XXE) error to prevent denial of service and exposure of sensitive information.

Correção

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611

Identificadores relacionados

CVE-2016-8974

Produtos afetados

Ibm Rhapsody Dm

PT-2017-9909 · Ibm · Ibm Rhapsody Dm

CVE-2016-8974

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3