9.0.1

CVSS 8.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

ibm

NVD

Published: 2016-07-17

Updated: 2016-11-28

Summary

IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. <a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Traveler 8.5.3 IBM Traveler 9.0 IBM Traveler 9.0.1	3

References

http://www.securityfocus.com/bid/91796
http://www-01.ibm.com/support/docview.wss?uid=swg1LO89357
http://www-01.ibm.com/support/docview.wss?uid=swg21985858