CVE-2016-0319

HIGH

IBM Jazz Reporting Service <6.0.1 - XXE

Title source: llm

Description

The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92475
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21983137

Scores

CVSS v3 7.5
EPSS 0.0164
EPSS Percentile 73.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-284
Status published
Products (2)
ibm/jazz_reporting_service 6.0
ibm/jazz_reporting_service 6.0.1
Published Nov 25, 2016
Tracked Since Feb 18, 2026