IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.
No CVSS v3.1
Attack Vector Network
Attack Complexity Low
Privileges Required Low
Scope Unchanged
Confidentiality Impact High
Integrity Impact None
Availability Impact High
User Interaction None
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact Partial
Integrity Impact None
Availability Impact Complete
AV:N/AC:L/Au:S/C:P/I:N/A:C
Vendors | Products |
---|---|
Ibm |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/97171 | Third Party Advisory VDB Entry |
https://www.ibm.com/support/docview.wss?uid=swg22000784 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2017-03-31T18:00:00
Updated: 2017-04-03T09:57:01
Reserved: 2016-12-01T00:00:00
Link: CVE-2016-9707
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-03-31T18:59:00.373
Modified: 2017-04-04T21:09:45.927
Link: CVE-2016-9707
JSON object: View
Redhat Information
No data.
CWE