CVE-2016-0288

Name of the Vulnerable Software and Affected Versions IBM Security AppScan Standard versions 8.7.x through 9.x before 9.0.3.2 IBM Security AppScan Enterprise (affected versions not specified)

Description The issue allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Recommendations For IBM Security AppScan Standard versions 8.7.x through 9.x before 9.0.3.2, update to version 9.0.3.2 or later to resolve the issue. For IBM Security AppScan Enterprise, at the moment, there is no information about a newer version that contains a fix for this vulnerability.