CVE-2016-8980

Summary

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationBigFix Inventory9.2affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References