Published: 01/02/2017 Updated: 27/10/2020

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

IBM Single Sign On for Bluemix could allow a remote malicious user to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm security_access_manager_9.0_firmware 9.0.1.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
ibm security_access_manager_for_mobile_8.0_firmware 8.0.1.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
ibm security_access_manager_for_web_8.0_firmware 8.0.1.0
ibm security_access_manager_for_web_8.0_firmware 8.0.1.2
ibm security_access_manager_for_mobile_8.0_firmware 8.0.1.4
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
ibm security_access_manager_for_web_8.0_firmware 8.0.1.4
ibm security_access_manager_for_web_8.0_firmware 8.0.0.1
ibm security_access_manager_9.0_firmware 9.0.0.1
ibm security_access_manager_9.0_firmware 9.0.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.1.2
ibm security_access_manager_for_mobile_8.0_firmware 8.0.1.3
ibm security_access_manager_for_web_8.0_firmware 8.0.1.3
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3

CWE-611 http://www.ibm.com/support/docview.wss?uid=swg21995531 http://www.securityfocus.com/bid/95295 http://www.securitytracker.com/id/1038506 https://nvd.nist.gov

CVE-2016-2908

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect