CVE-2016-3039

EUVD-2016-4112
IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
ibmtraveler
8.5.3
ibmtraveler
9.0
ibmtraveler
9.0.1
𝑥
= Vulnerable software versions
References
http://www-01.ibm.com/support/docview.wss?uid=swg1LO89357
http://www-01.ibm.com/support/docview.wss?uid=swg21985858
http://www.securityfocus.com/bid/91796
http://www-01.ibm.com/support/docview.wss?uid=swg1LO89357
http://www-01.ibm.com/support/docview.wss?uid=swg21985858
http://www.securityfocus.com/bid/91796