CVE-2016-2908 - Vulnerability Details

Vendors	Products
Ibm	Security Access Manager 9.0 Firmware Security Access Manager For Mobile 8.0 Firmware Security Access Manager For Mobile Appliance Security Access Manager For Web 8.0 Firmware Security Access Manager For Web Appliance

Link	Providers
http://www.ibm.com/support/docview.wss?uid=swg21995531
http://www.securityfocus.com/bid/95295
http://www.securitytracker.com/id/1038506

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Access Manager", "vendor": "IBM Corporation", "versions": [{"status": "affected", "version": "9.0"}, {"status": "affected", "version": "9.0.0.1"}, {"status": "affected", "version": "9.0.1"}, {"status": "affected", "version": "7.0.0"}, {"status": "affected", "version": "8.0.0"}, {"status": "affected", "version": "8.0.0.1"}, {"status": "affected", "version": "8.0.0.2"}, {"status": "affected", "version": "8.0.0.3"}, {"status": "affected", "version": "8.0.0.4"}, {"status": "affected", "version": "8.0.0.5"}, {"status": "affected", "version": "8.0.1"}, {"status": "affected", "version": "8.0.1.2"}, {"status": "affected", "version": "8.0.1.3"}, {"status": "affected", "version": "8.0.1.4"}, {"status": "affected", "version": "9.0.0"}, {"status": "affected", "version": "9.0.1.0"}]}], "datePublic": "2017-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-07T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "95295", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95295"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21995531"}, {"name": "1038506", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038506"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-2908", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Access Manager", "version": {"version_data": [{"version_value": "9.0"}, {"version_value": "9.0.0.1"}, {"version_value": "9.0.1"}, {"version_value": "7.0.0"}, {"version_value": "8.0.0"}, {"version_value": "8.0.0.1"}, {"version_value": "8.0.0.2"}, {"version_value": "8.0.0.3"}, {"version_value": "8.0.0.4"}, {"version_value": "8.0.0.5"}, {"version_value": "8.0.1"}, {"version_value": "8.0.1.2"}, {"version_value": "8.0.1.3"}, {"version_value": "8.0.1.4"}, {"version_value": "9.0.0"}, {"version_value": "9.0.1.0"}]}}]}, "vendor_name": "IBM Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "95295", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95295"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg21995531", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21995531"}, {"name": "1038506", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038506"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:40:13.568Z"}, "title": "CVE Program Container", "references": [{"name": "95295", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95295"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21995531"}, {"name": "1038506", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038506"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-2908", "datePublished": "2017-02-01T20:00:00", "dateReserved": "2016-03-09T00:00:00", "dateUpdated": "2024-08-05T23:40:13.568Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Access Manager (string)

vendor : IBM Corporation (string)

versions : [ »

0 : { »

status : affected (string)

version : 9.0 (string)

}

1 : { »

status : affected (string)

version : 9.0.0.1 (string)

}

2 : { »

status : affected (string)

version : 9.0.1 (string)

}

3 : { »

status : affected (string)

version : 7.0.0 (string)

}

4 : { »

status : affected (string)

version : 8.0.0 (string)

}

5 : { »

status : affected (string)

version : 8.0.0.1 (string)

}

6 : { »

status : affected (string)

version : 8.0.0.2 (string)

}

7 : { »

status : affected (string)

version : 8.0.0.3 (string)

}

8 : { »

status : affected (string)

version : 8.0.0.4 (string)

}

9 : { »

status : affected (string)

version : 8.0.0.5 (string)

}

10 : { »

status : affected (string)

version : 8.0.1 (string)

}

11 : { »

status : affected (string)

version : 8.0.1.2 (string)

}

12 : { »

status : affected (string)

version : 8.0.1.3 (string)

}

13 : { »

status : affected (string)

version : 8.0.1.4 (string)

}

14 : { »

status : affected (string)

version : 9.0.0 (string)

}

15 : { »

status : affected (string)

version : 9.0.1.0 (string)

}

]

}

]

datePublic : 2017-02-01T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Denial of Service (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-07-07T09:57:01 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

name : 95295 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/95295 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.ibm.com/support/docview.wss?uid=swg21995531 (string)

}

2 : { »

name : 1038506 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1038506 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

ID : CVE-2016-2908 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Access Manager (string)

version : { »

version_data : [ »

0 : { »

version_value : 9.0 (string)

}

1 : { »

version_value : 9.0.0.1 (string)

}

2 : { »

version_value : 9.0.1 (string)

}

3 : { »

version_value : 7.0.0 (string)

}

4 : { »

version_value : 8.0.0 (string)

}

5 : { »

version_value : 8.0.0.1 (string)

}

6 : { »

version_value : 8.0.0.2 (string)

}

7 : { »

version_value : 8.0.0.3 (string)

}

8 : { »

version_value : 8.0.0.4 (string)

}

9 : { »

version_value : 8.0.0.5 (string)

}

10 : { »

version_value : 8.0.1 (string)

}

11 : { »

version_value : 8.0.1.2 (string)

}

12 : { »

version_value : 8.0.1.3 (string)

}

13 : { »

version_value : 8.0.1.4 (string)

}

14 : { »

version_value : 9.0.0 (string)

}

15 : { »

version_value : 9.0.1.0 (string)

}

]

}

]

}

vendor_name : IBM Corporation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Denial of Service (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 95295 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/95295 (string)

}

1 : { »

name : http://www.ibm.com/support/docview.wss?uid=swg21995531 (string)

refsource : CONFIRM (string)

url : http://www.ibm.com/support/docview.wss?uid=swg21995531 (string)

}

2 : { »

name : 1038506 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1038506 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T23:40:13.568Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 95295 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/95295 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.ibm.com/support/docview.wss?uid=swg21995531 (string)

}

2 : { »

name : 1038506 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1038506 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2016-2908 (string)

datePublished : 2017-02-01T20:00:00 (string)

dateReserved : 2016-03-09T00:00:00 (string)

dateUpdated : 2024-08-05T23:40:13.568Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B5B6BD9-C0DF-4359-A6C1-F66E24912800", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F18D4AF-43DE-42A0-898E-50FBA7ADDDDE", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "847598BF-977A-4592-A6A1-2C7F04F29FDC", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA4B8E11-83D3-4B38-90B6-4C0F536D06B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AFD6FF12-A3AD-4D2B-92EB-44D20AF4DD9D", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "250AF7A4-8DDF-427C-8BF7-788667908D77", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "76136DDE-1530-482B-9E32-3EA2496FDFCA", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CBEA0D7-FBD0-4C7D-AB8F-73018359996A", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7CCECD9C-D506-4AEA-AE59-49A81E2D7020", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB6511D-5B6C-4BBB-8DEF-C37026398D6C", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B0D27CF-70BF-4C72-A963-310272D8EBF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "97E19969-DD73-42F2-9E91-504E1663B268", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F9CC2E05-5179-4241-A710-E582510EEB0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73E4F0CD-26DF-4975-8F40-ECB8E03A08C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FFE6F2A0-BD38-4853-A8FB-299A341FA0B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0122CE6-44D9-4A5F-8DD4-B1F7F229FDFB", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D1C6294A-7243-499D-8371-F000BEB7CF2F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "506C4B29-BC71-4C56-BAB1-06E63BEB1DD3", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service."}, {"lang": "es", "value": "IBM Single Sign On para Bluemix podr\u00edan permitir a un atacante remoto obtener informaci\u00f3n sensible, provocado por un error de entidad externa XML (XXE) al procesar datos XML por el analizador XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para leer archivos arbitrarios del sistema o provocar una denegaci\u00f3n de servicio."}], "id": "CVE-2016-2908", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-01T20:59:00.300", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21995531"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95295"}, {"source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1038506"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21995531"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95295"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038506"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B5B6BD9-C0DF-4359-A6C1-F66E24912800 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 6F18D4AF-43DE-42A0-898E-50FBA7ADDDDE (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 847598BF-977A-4592-A6A1-2C7F04F29FDC (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : EA4B8E11-83D3-4B38-90B6-4C0F536D06B6 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : AFD6FF12-A3AD-4D2B-92EB-44D20AF4DD9D (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 250AF7A4-8DDF-427C-8BF7-788667908D77 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 76136DDE-1530-482B-9E32-3EA2496FDFCA (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 8CBEA0D7-FBD0-4C7D-AB8F-73018359996A (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 7CCECD9C-D506-4AEA-AE59-49A81E2D7020 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : FCB6511D-5B6C-4BBB-8DEF-C37026398D6C (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 4B0D27CF-70BF-4C72-A963-310272D8EBF7 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 97E19969-DD73-42F2-9E91-504E1663B268 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : F9CC2E05-5179-4241-A710-E582510EEB0D (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 73E4F0CD-26DF-4975-8F40-ECB8E03A08C2 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : FFE6F2A0-BD38-4853-A8FB-299A341FA0B6 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : D0122CE6-44D9-4A5F-8DD4-B1F7F229FDFB (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : D1C6294A-7243-499D-8371-F000BEB7CF2F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 506C4B29-BC71-4C56-BAB1-06E63BEB1DD3 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 1C5EBB4D-36F8-453C-9D2C-A63490144596 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. (string)

}

1 : { »

lang : es (string)

value : IBM Single Sign On para Bluemix podrían permitir a un atacante remoto obtener información sensible, provocado por un error de entidad externa XML (XXE) al procesar datos XML por el analizador XML. Un atacante remoto podría explotar esta vulnerabilidad para leer archivos arbitrarios del sistema o provocar una denegación de servicio. (string)

}

]

id : CVE-2016-2908 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 4.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.1 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.2 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-02-01T20:59:00.300 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.ibm.com/support/docview.wss?uid=swg21995531 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/95295 (string)

}

2 : { »

source : psirt@us.ibm.com (string)

url : http://www.securitytracker.com/id/1038506 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.ibm.com/support/docview.wss?uid=swg21995531 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/95295 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1038506 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-611 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object