CVE-2016-8980

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.
References
Link Resource
http://www.ibm.com/support/docview.wss?uid=swg21995013 Vendor Advisory
http://www.securityfocus.com/bid/95141 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*
OR cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:ibm:bigfix_inventory:9.2:*:*:*:*:*:*:*

Information

Published : 2017-02-01 12:59

Updated : 2017-02-13 14:25


NVD link : CVE-2016-8980

Mitre link : CVE-2016-8980


JSON object : View

CWE
CWE-611

Improper Restriction of XML External Entity Reference

Advertisement

dedicated server usa

Products Affected

microsoft

  • windows

ibm

  • aix
  • bigfix_inventory
  • license_metric_tool

hp

  • hp-ux

linux

  • linux_kernel

oracle

  • solaris