PT-2017-10279 · Ibm · Ibm Websphere Message Broker+1

Published

2017-02-15

Updated

2017-03-07

CVE-2016-9706

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions IBM Integration Bus versions 9.0 through 10.0 WebSphere Message Broker SOAP FLOWS (affected versions not specified)

Description The issue is caused by an XML External Entity Injection (XXE) error when processing XML data, which can lead to a denial of service. A remote attacker could exploit this to expose highly sensitive information or consume all available memory resources.

Recommendations For IBM Integration Bus versions 9.0 through 10.0, update to a version that includes the fix for the XML External Entity Injection (XXE) error. For WebSphere Message Broker SOAP FLOWS, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2016-9706

Affected Products

Ibm Integration Bus

Ibm Websphere Message Broker

PT-2017-10279 · Ibm · Ibm Websphere Message Broker+1

CVE-2016-9706

Weakness Enumeration

Related Identifiers

Affected Products

References · 4