CVE-2016-8974

Summary

IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationRational Rhapsody Design Manager4.0.2affected
IBM CorporationRational Rhapsody Design Manager3.0affected
IBM CorporationRational Rhapsody Design Manager3.0.0.1affected
IBM CorporationRational Rhapsody Design Manager4.0affected
IBM CorporationRational Rhapsody Design Manager4.0.1affected
IBM CorporationRational Rhapsody Design Manager4.0.3affected
IBM CorporationRational Rhapsody Design Manager4.0.4affected
IBM CorporationRational Rhapsody Design Manager4.0.5affected
IBM CorporationRational Rhapsody Design Manager4.0.6affected
IBM CorporationRational Rhapsody Design Manager5.0affected
IBM CorporationRational Rhapsody Design Manager3affected
IBM CorporationRational Rhapsody Design Manager4.0.7affected
IBM CorporationRational Rhapsody Design Manager5.0.2affected
IBM CorporationRational Rhapsody Design Manager5.0.1affected
IBM CorporationRational Rhapsody Design Manager6.0affected
IBM CorporationRational Rhapsody Design Manager6.0.1affected
IBM CorporationRational Rhapsody Design Manager6.0.2affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References