Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2B237E264C52D06227024EBFAFBA2C1ED8525F45DAFB66BEB1155234DB21F47D
HistoryJun 17, 2018 - 3:40 p.m.

Security Bulletin: Security vulnerabilities have been identified in the Apache CXF component of IBM Tivoli Network Manager IP Edition (CVE-2016-6812, CVE-2016-8739)

2018-06-1715:40:33
www.ibm.com
3

0.006 Low

EPSS

Percentile

77.6%

JSON

Summary

Security vulnerabilities have been addressed in the Apache CXF component of IBM Tivoli Network Manager IP Edition.

Vulnerability Details

CVEID: CVE-2016-6812**
DESCRIPTION:** Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the FormattedServiceListWriter() function. A remote attacker could exploit this vulnerability using the 'matrix ’ parameter in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120409 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-8739**
DESCRIPTION:** Apache CXF could allow a remote attacker to obtain sensitive information, caused by XML External Entity (XXE) vulnerability in JAX-RS implementation. By using a specially-crafted XML data, an attacker could exploit this vulnerability to read arbitrary files on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120408 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Tivoli Network Manager 4.1.1 and 4.2

Remediation/Fixes

Product

| VRMF|APAR|Remediation/First Fix
—|—|—|—
IBM Tivoli Network Manager IP Edition| 4.1.1.2 | IV94614| UPGRADE APACHE CXF LIBRARIES 3.0.12
<http://www-01.ibm.com/support/docview.wss?uid=swg24041066&gt;
IBM Tivoli Network Manager IP Edition| 4.2.0.3| IV94614| UPGRADE APACHE CXF LIBRARIES 3.1.10
http://www-01.ibm.com/support/docview.wss?uid=swg24043575

Workarounds and Mitigations

None

Related

fedora 1
nessus 1
openvas 1
ibm 5
cve 2
cvelist 2
github 2
nvd 2
redhatcve 2
prion 2
osv 4
veracode 2
redhat 1
fedora
fedora
[SECURITY] Fedora 25 Update: cxf-3.1.6-3.fc25
2016-12-31 06:51:31
nessus
nessus
Fedora 25 : 1:cxf (2016-2361e1e07a)
2017-01-03 00:00:00
openvas
openvas
Fedora Update for cxf FEDORA-2016-2361e1e07a
2017-01-01 00:00:00
ibm
ibm
Security Bulletin: Mulitiple security vulnerabilities in Apache CXF affects IBM InfoSphere Master Data Management (CVE-2016-6812 CVE-2016-8739 CVE-2017-5653 CVE-2017-5656 CVE-2017-3156)
2018-06-16 14:18:36
Security Bulletin: Multiple vulnerabilities affect IBM Rational Design Manager
2018-10-23 16:30:01
Security Bulletin: Vulnerabilities found in cxf-rt-transports-http-3.0.3.jar which is shipped with IBM® Intelligent Operations Center(CVE-2016-6812, CVE-2018-8039, CVE-2020-13954)
2023-09-05 12:31:27
cve
cve
CVE-2016-8739
2017-08-10 18:29:00
CVE-2016-6812
2017-08-10 16:29:00
cvelist
cvelist
CVE-2016-8739
2016-12-19 00:00:00
CVE-2016-6812
2016-12-19 00:00:00
github
github
Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS
2022-05-13 01:09:20
Improper Neutralization of Input During Web Page Generation in Apache CXF
2022-05-13 01:09:20
nvd
nvd
CVE-2016-8739
2017-08-10 18:29:00
CVE-2016-6812
2017-08-10 16:29:00
redhatcve
redhatcve
CVE-2016-8739
2016-12-21 14:47:35
CVE-2016-6812
2016-12-21 14:47:28
prion
prion
Design/Logic Flaw
2017-08-10 18:29:00
Design/Logic Flaw
2017-08-10 16:29:00
osv
osv
CVE-2016-8739
2017-08-10 18:29:00
Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS
2022-05-13 01:09:20
CVE-2016-6812
2017-08-10 16:29:00
veracode
veracode
XML External Entity (XXE)
2016-12-23 04:04:51
Cross-site Scripting (XSS)
2016-12-28 03:45:07
redhat
redhat
(RHSA-2017:0868) Important: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update
2017-04-03 21:01:34

0.006 Low

EPSS

Percentile

77.6%

JSON
Related for 2B237E264C52D06227024EBFAFBA2C1ED8525F45DAFB66BEB1155234DB21F47D
fedora1nessus1openvas1ibm5cve2cvelist2github2nvd2redhatcve2prion2osv4veracode2redhat1