PT-2017-9909 · Ibm · Ibm Rhapsody Dm
Published
2017-02-23
·
Updated
2017-03-02
·
CVE-2016-8974
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
IBM Rhapsody DM versions 4.0 through 6.0
Description
The issue is caused by an XML External Entity Injection (XXE) error when processing XML data, which could allow a remote attacker to expose highly sensitive information or consume all available memory resources, resulting in a denial of service.
Recommendations
For versions 4.0 through 6.0, update to a version that includes the fix for the XML External Entity Injection (XXE) error to prevent denial of service and exposure of sensitive information.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Rhapsody Dm