PT-2017-10274 · Ibm · Ibm Rhapsody Dm
Published
2017-06-08
·
Updated
2017-06-14
·
CVE-2016-9698
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
IBM Rhapsody DM versions 4.0 through 6.0
Description
The issue is caused by an XML External Entity Injection (XXE) error when processing XML data, which could allow a remote attacker to expose highly sensitive information or consume all available memory resources, resulting in a denial of service.
Recommendations
For versions 4.0 through 6.0, update to a version that includes a fix for the XML External Entity Injection (XXE) error to prevent denial of service attacks.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Rhapsody Dm