Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM266664015187499F2F18DDE00C0657D73AA43A6F493787625A034E97E888A689
HistoryJun 16, 2018 - 2:17 p.m.

Security Bulletin: Multiple vulnerabilities in XMLsoft Libxml2 affect IBM Streams

2018-06-1614:17:48
www.ibm.com
16

EPSS

0.008

Percentile

81.7%

JSON

Summary

There are multiple vulnerabilities in Libxml2 library used by IBM Streams. IBM Streams has addressed the applicable CVEs.

Vulnerability Details

CVE-ID: CVE-2016-2073
Description: libxml2 is vulnerable to a heap-based buffer overflow, caused by an out-of-bounds read in the htmlParseNameComplex() function. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.300
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/110307&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVE-ID: CVE-2016-9318
Description: Libxml2 could allow a remote attacker to obtain sensitive information, caused by failure to offer a flag directly indicating the status of current document. By using a specially-crafted document to conduct a XML external entity (XXE) attack, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.500
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/119018 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

Affected Products and Versions

The following versions may be impacted:

  • IBM Streams Version 4.2.1.2 and earlier
  • IBM InfoSphere Streams Version 4.1.1.4 and earlier
  • IBM InfoSphere Streams Version 4.0.1.4 and earlier
  • IBM InfoSphere Streams Version 3.2.1.6 and earlier
  • IBM InfoSphere Streams Version 3.1.0.8 and earlier
  • IBM InfoSphere Streams Version 3.0.0.6 and earlier

Remediation/Fixes

NOTE: Fix Packs are available on IBM Fix Central.

To remediate/fix this issue, follow the instructions below:

  • Version 4.2.x: Apply 4.2.1 Fix Pack 3 (4.2.1.3) or higher.
  • Version 4.1.x: Apply 4.1.1 Fix Pack 5 (4.1.1.5) or higher.
  • Version 4.0.x: Apply 4.0.1 Fix Pack 5 (4.0.1.5) or higher.
  • Versions 3.2.x, 3.1.x, and 3.0.x: For versions earlier than 4.x.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin.

Workarounds and Mitigations

None

Related

nessus 31
openvas 29
veracode 4
prion 2
debiancve 2
nvd 2
ibm 25
alpinelinux 1
cvelist 2
ubuntucve 3
cve 2
redhatcve 1
ubuntu 3
osv 1
cloudfoundry 2
debian 4
gentoo 2
mageia 2
suse 6
fedora 2
rosalinux 1
redhat 1
tenable 1
ics 1
nessus
nessus
EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2017-1070)
2017-05-03 00:00:00
EulerOS Virtualization 2.5.3 : libxml2 (EulerOS-SA-2019-1353)
2019-05-10 00:00:00
SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2019:1896-1)
2019-07-19 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2017-1069)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0164-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1896-1)
2021-04-19 00:00:00
veracode
veracode
XML External Entity (XXE)
2018-11-27 06:08:51
XML External Entity (XXE) Via Libxml2
2017-02-23 06:14:12
Copy-Paste Vulnerability (CPV) Through Libxml2
2018-10-16 03:04:15
prion
prion
Xxe
2016-11-16 00:59:00
Out-of-bounds
2016-02-12 15:59:00
debiancve
debiancve
CVE-2016-9318
2016-11-16 00:59:00
CVE-2016-2073
2016-02-12 15:59:00
nvd
nvd
CVE-2016-9318
2016-11-16 00:59:00
CVE-2016-2073
2016-02-12 15:59:00
ibm
ibm
Security Bulletin: A vulnerability in libxml2 affects IBM Flex System Manager (FSM) (CVE-2016-9318)
2018-06-18 01:39:51
Security Bulletin: Vulnerability in libxml2 affects IBM Chassis Management Module (CVE-2016-9318)
2019-01-31 02:25:02
Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems
2023-04-14 14:32:25
alpinelinux
alpinelinux
CVE-2016-9318
2016-11-16 00:59:00
cvelist
cvelist
CVE-2016-2073
2016-02-12 15:26:00
CVE-2016-9318
2016-11-16 00:00:00
ubuntucve
ubuntucve
CVE-2016-9318
2016-11-15 00:00:00
CVE-2017-1000061
2017-07-17 00:00:00
CVE-2016-2073
2016-02-12 00:00:00
cve
cve
CVE-2016-9318
2016-11-16 00:59:00
CVE-2016-2073
2016-02-12 15:59:00
redhatcve
redhatcve
CVE-2016-9318
2016-11-16 10:17:17
ubuntu
ubuntu
libxml2 vulnerabilities
2018-08-14 00:00:00
libxml2 vulnerabilities
2018-08-14 00:00:00
libxml2 vulnerabilities
2016-06-06 00:00:00
osv
osv
libxml2 - security update
2022-04-08 00:00:00
cloudfoundry
cloudfoundry
USN-3739-1: libxml2 vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
USN-2994-1 libxml2 vulnerabilities | Cloud Foundry
2016-06-13 00:00:00
debian
debian
[SECURITY] [DLA 2972-1] libxml2 security update
2022-04-08 21:17:02
[SECURITY] [DLA 503-1] libxml2 security update
2016-06-03 19:22:01
[SECURITY] [DSA 3593-1] libxml2 security update
2016-06-02 20:28:31
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-11-10 00:00:00
libxml2: Multiple vulnerabilities
2017-01-16 00:00:00
mageia
mageia
Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities
2018-01-03 18:50:51
Updated libxml2 packages fix security vulnerability
2016-07-27 00:59:16
suse
suse
Security update for libxml2 (important)
2016-06-17 15:08:25
Security update for libxml2 (important)
2016-06-16 13:10:48
Security update for libxml2 (important)
2016-06-09 18:07:56
fedora
fedora
[SECURITY] Fedora 25 Update: libxml2-2.9.4-2.fc25
2017-04-19 09:32:17
[SECURITY] Fedora 24 Update: libxml2-2.9.4-2.fc24
2017-04-19 07:53:28
rosalinux
rosalinux
Advisory ROSA-SA-2021-1905
2021-07-02 17:25:35
redhat
redhat
(RHSA-2018:2486) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
2018-08-16 16:05:21
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

EPSS

0.008

Percentile

81.7%

JSON
Related for 266664015187499F2F18DDE00C0657D73AA43A6F493787625A034E97E888A689
nessus31openvas29veracode4prion2debiancve2nvd2ibm25alpinelinux1cvelist2ubuntucve3cve2redhatcve1ubuntu3osv1cloudfoundry2debian4gentoo2mageia2suse6fedora2rosalinux1redhat1tenable1ics1