ID CVE-2016-0245
Summary The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. <a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*
CVSS
Base: 5.5 (as of 19-02-2017 - 06:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:P
refmap via4
aixapar PI56682
confirm http://www.ibm.com/support/docview.wss?uid=swg21975358
Last major update 19-02-2017 - 06:15
Published 29-02-2016 - 11:59
Last modified 19-02-2017 - 06:15
Back to Top