CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2016-9706

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile7.59th
Published2017年2月15日
Last Modified2026年5月13日

Vulnerability Description

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.

Affected Platforms (CPE)

📦
Ibm

Integration Bus

= 9.0
📦
Ibm

Integration Bus

= 10.0
📦
Ibm

Websphere Message Broker

= 8.0

References & Advisories

🔗 http://www.ibm.com/support/docview.wss?uid=swg21997918
🔗 http://www.securityfocus.com/bid/96274
🔗 http://www.ibm.com/support/docview.wss?uid=swg21997918
🔗 http://www.securityfocus.com/bid/96274

相關漏洞威脅

CVE-2016-34449.8

Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14....

CVE-2016-06358.8

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2,...

CVE-2017-16948.1

IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in t...

CVE-2021-335427.8

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerabil...