Vulnerabilities > CVE-2016-9706 - XXE vulnerability in IBM Integration BUS and Websphere Message Broker

047910
CVSS 8.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
ibm
CWE-611
nessus

Summary

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.

Vulnerable Configurations

Part Description Count
Application
Ibm
3

Nessus

NASL familyWindows
NASL idIBM_INTEGRATION_BUS_SWG21997918.NASL
descriptionThe version of IBM Integration Bus (formerly known as IBM WebSphere Message Broker) is 8.x prior to 8.0.0.8, 9.x prior to 9.0.0.6, or 10.x prior to 10.0.0.5. It is, therefore, affected by a denial of service vulnerability due to an XML external entity (XXE) injection error in SOAP FLOWS when processing XML data. An unauthenticated, remote attacker can exploit this to disclose sensitive information or cause a denial of service condition.
last seen2020-06-01
modified2020-06-02
plugin id97578
published2017-03-07
reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/97578
titleIBM Integration Bus 8.x < 8.0.0.8 / 9.x < 9.0.0.6 / 10.x < 10.0.0.5 SOAP FLOWS XXE DoS