CVE-2016-6111

Summary

IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationCram Social Program Management6.0.4affected
IBM CorporationCram Social Program Management6.0.5affected
IBM CorporationCram Social Program Management6.0affected
IBM CorporationCram Social Program Management5.2affected
IBM CorporationCram Social Program Management4.5affected
IBM CorporationCram Social Program Management6.0.3affected
IBM CorporationCram Social Program Management6.1affected
IBM CorporationCram Social Program Management5.2.6affected
IBM CorporationCram Social Program Management6.0.1affected
IBM CorporationCram Social Program Management6.1.0affected
IBM CorporationCram Social Program Management6.1.1affected
IBM CorporationCram Social Program Management6.2.0affected
IBM CorporationCram Social Program Management7.0.0affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References