Main Vulnerability Database SB2016070706

SB2016070706 - XXE attack in HPE IceWall Federation Agent using libXML2 library

Published: July 7, 2016 Updated: April 17, 2025

Security Bulletin ID SB2016070706

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) XXE attack (CVE-ID: CVE-2016-4449)

The vulnerability allows a remote attacker to conduct XXE attack.

The weakness exists in libxml2 due to XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker can send manipulated XML content, trick the victim into opening and read important data on the system.

Successful exploitation of the vulnerability may result in information disclosure.

Remediation

Install update from vendor's website.

References

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c05194709