CVE-2016-0319

Published: Nov 25, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected (2)

Products: Ibm: Jazz Reporting Service

1 product

Jazz Reporting Service

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Jazz Reporting Service	Version 6.0.1
Ibm Jazz Reporting Service	Version 6.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21983137

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/92475

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

http://www-01.ibm.com/support/docview.wss?uid=swg21983137

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/92475

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.