CVE-2016-9698

Summary

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960.

Affected Software

VendorProductVersion RangeStatus
IBMRational Rhapsody Design Manager4.0.2affected
IBMRational Rhapsody Design Manager4.0affected
IBMRational Rhapsody Design Manager4.0.1affected
IBMRational Rhapsody Design Manager4.0.3affected
IBMRational Rhapsody Design Manager4.0.4affected
IBMRational Rhapsody Design Manager4.0.5affected
IBMRational Rhapsody Design Manager4.0.6affected
IBMRational Rhapsody Design Manager5.0affected
IBMRational Rhapsody Design Manager5.0.1affected
IBMRational Rhapsody Design Manager6.0affected
IBMRational Rhapsody Design Manager6.0.1affected
IBMRational Rhapsody Design Manager6.0.2affected
IBMRational Rhapsody Design Manager6.0.3affected
IBMRational Rhapsody Design Manager4.0.7affected
IBMRational Rhapsody Design Manager5.0.2affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References