CVE-2016-0250

MEDIUM

IBM InfoSphere Information Governance Catalog <11.3.1.2, <11.5.0.1 ...

Title source: llm
STIX 2.1

Description

XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510.

References (2)

Core 2
Core References
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/110510
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21977152

Scores

CVSS v3 5.4
EPSS 0.0151
EPSS Percentile 71.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Details

CWE
CWE-611
Status published
Products (2)
ibm/infosphere_information_server 11.5
ibm/infosphere_information_server 11.3 - 11.3.1.2
Published Mar 12, 2018
Tracked Since Feb 18, 2026