Vulnerability Description
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when the XML parser processes XML data. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Security Access Manager 9.0 Firmware | 9.0.0 |
| IBM | Security Access Manager For Mobile 8.0 Firmware | 8.0.0.1 |
| IBM | Security Access Manager For Web 8.0 Firmware | 8.0.0.1 |
| IBM | Security Access Manager For Mobile Appliance | 8.0 |
| IBM | Security Access Manager For Web Appliance | 8.0 |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=swg21995531 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/95295 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1038506
FAQ
What is CVE-2016-2908?
CVE-2016-2908 is a vulnerability with a CVSS score of 9.1 (CRITICAL). IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when the XML parser processes XML data. A remote attacker ...
How severe is CVE-2016-2908?
CVE-2016-2908 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-2908?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Security Access Manager 9.0 Firmware, IBM Security Access Manager For Mobile 8.0 Firmware, IBM Security Access Manager For Web 8.0 Firmware, IBM Security Access Manager For Mobile Appliance, IBM Security Access Manager For Web Appliance.