CVE-2016-6059

{"id": "CVE-2016-6059", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 7.8, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2017-02-01T20:59:02.083", "references": [{"url": "http://www.ibm.com/support/docview.wss?uid=swg21991683", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/94032", "tags": ["Technical Description", "VDB Entry"], "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21991683", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/94032", "tags": ["Technical Description", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources."}, {"lang": "es", "value": "IBM InfoSphere Information Server es vulnerable para una denegaci\u00f3n de servicio, provocado por un error XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n altamente sensible o consumir todos los recursos de memoria disponibles."}], "lastModified": "2024-11-21T02:55:24.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_datastage:11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEE407E4-910C-4AF1-B87B-F9B01759DDFC"}, {"criteria": "cpe:2.3:a:ibm:infosphere_datastage:11.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD554818-742B-4033-B9FB-DD6E9BF76A8E"}, {"criteria": "cpe:2.3:a:ibm:infosphere_datastage:11.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0025F291-9862-4638-B96D-1ABEC3C31890"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9923389A-6B64-482B-A631-1B6B841CB9AE"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45314D26-63E9-4795-ADE2-7F77F35C2D5E"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83640E7E-851E-4C8F-ADDA-7CF4E1D11F58"}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server_on_cloud:11.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88A5CF53-1A0C-4519-90A7-DFF6629820B0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}