Vulnerabilities > CVE-2016-9706 - XXE vulnerability in IBM Integration BUS and Websphere Message Broker
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
HIGH Summary
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Windows |
| NASL id | IBM_INTEGRATION_BUS_SWG21997918.NASL |
| description | The version of IBM Integration Bus (formerly known as IBM WebSphere Message Broker) is 8.x prior to 8.0.0.8, 9.x prior to 9.0.0.6, or 10.x prior to 10.0.0.5. It is, therefore, affected by a denial of service vulnerability due to an XML external entity (XXE) injection error in SOAP FLOWS when processing XML data. An unauthenticated, remote attacker can exploit this to disclose sensitive information or cause a denial of service condition. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 97578 |
| published | 2017-03-07 |
| reporter | This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/97578 |
| title | IBM Integration Bus 8.x < 8.0.0.8 / 9.x < 9.0.0.6 / 10.x < 10.0.0.5 SOAP FLOWS XXE DoS |