XXE attack in Sametime - CVE-2016-4449
Published: August 28, 2017
Vulnerability identifier: #VU8016
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4449
CWE-ID: CWE-611
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
Sametime
Detailed vulnerability description
The vulnerability allows a remote attacker to conduct an XXE attack.
The weakness exists in libxml2 due to an XML external entity (XXE) error when the XML parser processes XML data. A remote attacker can send manipulated XML content, trick the victim into opening it, and read sensitive data on the system.
Successful exploitation of the vulnerability may result in information disclosure.
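The parser-side control that closes this class of bug is to refuse DTDs and never resolve external entities on untrusted input. The following is an added illustration, not code from the advisory, from IBM or from libxml2: the advisory concerns libxml2, and this shows the same control on Python's standard-library expat-based SAX reader so it runs without libxml2 installed. All sample documents, paths and host names are constructed placeholders.

```python
"""Defensive XML intake: refuse DTDs and external entities before parsing.

Added example using only the Python standard library; it is not the
advisory's, IBM's or libxml2's code. Sample inputs below are constructed.
"""
import io
import xml.sax
import xml.sax.handler
from xml.sax import SAXParseException


class DTDNotAllowed(ValueError):
    """Raised when untrusted XML carries a <!DOCTYPE ...> declaration."""


class _RejectDTD:
    """Lexical handler. The reader reports the start of the DTD before any
    entity declared inside it is processed, so raising here stops the document
    before an external entity can even be declared, let alone resolved."""

    def startDTD(self, name, public_id, system_id):
        raise DTDNotAllowed(
            f"DOCTYPE {name!r} (system id {system_id!r}) refused in untrusted input")

    # The remaining lexical callbacks are looked up by the reader; nothing to do.
    def endDTD(self): pass
    def comment(self, content): pass
    def startCDATA(self): pass
    def endCDATA(self): pass


class _TextCollector(xml.sax.handler.ContentHandler):
    """Collects character data so the caller can see what the parser emitted."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def parse_untrusted(data: bytes) -> str:
    """Parse XML from an untrusted source and return its character data.

    Raises DTDNotAllowed for any DOCTYPE and SAXParseException for malformed XML.
    """
    parser = xml.sax.make_parser()
    # First layer: never fetch external general or parameter entities.
    parser.setFeature(xml.sax.handler.feature_external_ges, False)
    parser.setFeature(xml.sax.handler.feature_external_pes, False)
    # Second layer: refuse DTDs outright, so no entity can be declared at all.
    parser.setProperty(xml.sax.handler.property_lexical_handler, _RejectDTD())
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(data))
    return "".join(collector.chunks)


def classify(data: bytes) -> str:
    """Outcome label for an intake log: accepted / rejected-dtd / malformed."""
    try:
        parse_untrusted(data)
    except DTDNotAllowed:
        return "rejected-dtd"
    except SAXParseException:
        return "malformed"
    return "accepted"


# Constructed sample documents (placeholder paths and hosts, not from the advisory).
SAFE_DOC = b'<?xml version="1.0"?><msg><to>alice</to><body>hello</body></msg>'
XXE_DOC = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE msg [<!ENTITY ext SYSTEM "file:///placeholder/path.txt">]>'
           b'<msg>&ext;</msg>')
EXTERNAL_DTD_DOC = b'<!DOCTYPE msg SYSTEM "http://placeholder.invalid/msg.dtd"><msg/>'
TRUNCATED_DOC = b'<msg>'


if __name__ == "__main__":
    for label, doc in [("safe", SAFE_DOC), ("xxe", XXE_DOC),
                       ("external-dtd", EXTERNAL_DTD_DOC), ("truncated", TRUNCATED_DOC)]:
        print(f"{label:13s} -> {classify(doc)}")
```

Recent Python versions already leave external general entities off by default in `xml.sax`; setting both features explicitly keeps the intent visible on older interpreters, and rejecting the DTD at `startDTD` removes the entity declaration step entirely, which also shuts out internal-entity expansion tricks. The libxml2 equivalent of the first layer is to parse without the `XML_PARSE_NOENT` and `XML_PARSE_DTDLOAD` options; the vendor fix for this advisory remains the version update given below.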
How to mitigate CVE-2016-4449
Update to version 9.0.1 FP1.