PT-2017-9912 · Ibm · Ibm Bigfix Inventory

Published

2017-02-01

Updated

2017-02-13

CVE-2016-8980

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions IBM BigFix Inventory version 9

Description The issue is caused by an XML External Entity Injection (XXE) error when processing XML data, which can lead to a denial of service. A remote attacker could exploit this to expose highly sensitive information or consume all available memory resources.

Recommendations For IBM BigFix Inventory version 9, update to a version that fixes the XML External Entity Injection (XXE) error to prevent denial of service and exposure of sensitive information.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2016-8980

Affected Products

Ibm Bigfix Inventory

PT-2017-9912 · Ibm · Ibm Bigfix Inventory

CVE-2016-8980

Weakness Enumeration

Related Identifiers

Affected Products

References · 4