XML External Entity Injection (XXE) Vulnerability in IBM Integration Bus and WebSphere Message Broker SOAP Flows

XML External Entity Injection (XXE) Vulnerability in IBM Integration Bus and WebSphere Message Broker SOAP Flows

CVE-2016-9706 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:N/A:C

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.

Learn more about our Cis Benchmark Audit For Ibm Websphere.