CVE-2016-9691

moderate-risk
Published 2017-05-05

IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515.

Do I need to act?

-
0.35% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.6/10 High
NETWORK / LOW complexity

Affected Products (6)

Websphere Cast Iron Solution
Websphere Cast Iron Solution
Websphere Cast Iron Solution
Websphere Cast Iron Solution
Websphere Cast Iron Solution
Websphere Cast Iron Solution

Affected Vendors

Ibm

References (4)

Patch http://www.ibm.com/support/docview.wss?uid=swg21998014
Broken Link http://www.securityfocus.com/bid/98338
Patch http://www.ibm.com/support/docview.wss?uid=swg21998014
Broken Link http://www.securityfocus.com/bid/98338
43
/ 100
moderate-risk
Severity 29/34 · Critical
Exploitability 1/34 · Minimal
Exposure 13/34 · Low