CVE-2016-3033

Опубликовано: 01 дек. 2016

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21987326
Vendor Advisory
http://www.securityfocus.com/bid/92388
Third Party Advisory
VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg21987326
Vendor Advisory
http://www.securityfocus.com/bid/92388
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:appscan_source:8.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:appscan_source:8.7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:appscan_source:8.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:appscan_source:9.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:appscan_source:9.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:appscan_source:9.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:appscan_source:9.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:appscan_source:9.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:appscan_source:9.0.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:appscan_source:9.0.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:appscan_source:9.0.3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00548

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-pjp4-rrp6-vqr7