PT-2016-5337 · IBM · IBM Traveler

Published: 2016-07-17 · Updated: 2016-11-28 · CVE-2016-3039

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions
IBM Traveler versions 8.x through 9.x before 9.0.1.12

Description
The issue allows remote authenticated users to read arbitrary files or cause a denial of service through memory consumption. It is an XML External Entity (XXE) issue: XML data containing an external entity declaration in conjunction with an entity reference can be used to exploit the problem.

Recommendations
For IBM Traveler versions 8.x through 9.x before 9.0.1.12, update to version 9.0.1.12 or later to resolve the issue. As a temporary workaround, consider restricting access to XML data or disabling the processing of external entity declarations until a patch is available.
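The workaround of disabling external entity declarations can be enforced at the parser, before any entity is resolved. The sketch below is an added example, not IBM's fix and not code from this advisory; it uses Python's expat bindings, and the function names and sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat


class EntityForbidden(ValueError):
    """Raised when untrusted XML declares an entity or an external DTD."""


def parse_without_entities(data: bytes) -> list:
    """Parse XML and return element names in document order.

    Parsing stops at the first entity declaration (internal or external),
    external entity reference, or external DTD subset, so nothing is
    fetched or expanded.
    """
    names = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            raise EntityForbidden("external DTD subset")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        kind = "external" if system_id or public_id else "internal"
        raise EntityForbidden(f"{kind} entity declaration: {name}")

    def on_external_ref(context, base, system_id, public_id):
        raise EntityForbidden("external entity reference")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


def verdict(data: bytes) -> str:
    """Return 'accepted: <elements>' or 'rejected: <reason>' for one document."""
    try:
        return "accepted: " + ",".join(parse_without_entities(data))
    except (EntityForbidden, expat.ExpatError) as exc:
        return f"rejected: {exc}"


# Constructed sample documents (placeholder paths and hosts, nothing is fetched).
BENIGN = b'<?xml version="1.0"?><sync><item id="1"/><item id="2"/></sync>'
EXTERNAL_ENTITY = b'<!DOCTYPE r [<!ENTITY x SYSTEM "file:///constructed/placeholder">]><r>&x;</r>'
INTERNAL_ENTITY = b'<!DOCTYPE r [<!ENTITY a "aaaa">]><r>&a;</r>'
EXTERNAL_DTD = b'<!DOCTYPE r SYSTEM "http://constructed.invalid/x.dtd"><r/>'

if __name__ == "__main__":
    for doc in (BENIGN, EXTERNAL_ENTITY, INTERNAL_ENTITY, EXTERNAL_DTD):
        print(verdict(doc))
```

Rejecting internal entity declarations as well goes slightly beyond the stated workaround; it also closes off entity-expansion memory growth in the same pass.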


Related Identifiers

CVE-2016-3039

Affected Products

IBM Traveler