CVE-2016-9706

Description

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.

Affected products

• IBM Corporation / Integration Bus9.0.0.0 – 9.0.0.0
• IBM Corporation / Integration Bus9.0 – 9.0
• IBM Corporation / Integration Bus10 – 10
• IBM Corporation / Integration Bus10.0 – 10.0
• IBM Corporation / Integration Bus9 – 9

References

• MISChttp://www.securityfocus.com/bid/96274
• MISChttp://www.ibm.com/support/docview.wss?uid=swg21997918