CVE-2016-9691

HIGH Year: 2016
CVSS v3 Score
8.6
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-611
View all →

Vulnerability Description

IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515.

Related Vulnerabilities

CVE-2016-4264

HIGH
CVSS:8.6(High)

The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a craft...

CWE-6112016

CVE-2016-7051

HIGH
CVSS:8.6(High)

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vec...

CWE-6112016

CVE-2018-19244

HIGH
CVSS:8.6(High)

An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a "Charles Settings.xml" file from an attacker, an intranet network may be accessed...

CWE-6112018

CVE-2018-19858

HIGH
CVSS:8.6(High)

PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceX...

CWE-6112018

CVE-2021-3869

HIGH
CVSS:8.6(High)

corenlp is vulnerable to Improper Restriction of XML External Entity Reference

CWE-6112021

CVE-2022-2759

HIGH
CVSS:8.6(High)

Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with U...

CWE-6112022