CVE-2016-8980

Опубликовано: 01 фев. 2017

Источник: nvd

CVSS3: 8.1

CVSS2: 7.5

EPSS Низкий

Описание

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg21995013
Vendor Advisory
http://www.securityfocus.com/bid/95141
Third Party Advisory
VDB Entry
http://www.ibm.com/support/docview.wss?uid=swg21995013
Vendor Advisory
http://www.securityfocus.com/bid/95141
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*

cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:ibm:bigfix_inventory:9.2:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00359

Низкий

8.1 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-2h6f-jv94-879x