Filenet Workplace
CVE-2016-3055
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
AnalysisAI
IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.
Technical ContextAI
This vulnerability is classified as XML External Entity (XXE) (CWE-611), which allows attackers to read arbitrary files or perform SSRF through XML processing. IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Affected products include: Ibm Filenet Workplace. Version information: before 4.0.2.14.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Disable external entity processing in XML parsers, use JSON instead of XML where possible.
More in Filenet Workplace
View allOpen redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to r
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbi
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace (A
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today