#VU8016 XXE attack in Sametime - CVE-2016-4449

Cybersecurity Help s.r.o.

Published: 2017-08-28

Vulnerability identifier: #VU8016

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-4449

CWE-ID: CWE-611

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Sametime
Client/Desktop applications / Messaging software

Vendor: IBM Corporation

Description
The vulnerability allows a remote attacker to conduct XXE attack.

The weakness exists in libxml2 due to XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker can send manipulated XML content, trick the victim into opening and read important data on the system.

Successful exploitation of the vulnerability may result in information disclosure.

Mitigation
Update to version 9.0.1 FP1.

Vulnerable software versions

Sametime: 8.5.0.0 - 9.0.0.0

External links
https://www-01.ibm.com/support/docview.wss?uid=swg22006233

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Sametime

Multiple vulnerabilities in IBM Integrated Management Module (IMM) for System x & BladeCenter

XXE attack in HPE IceWall Federation Agent using libXML2 library