IBM Security Bulletin: XML External Entity Injection affect AppScan Standard (CVE-2016-0288)
IBM Security AppScan Enterprise and IBM Security AppScan Standard could allow a remote attacker to obtain sensitive information, caused by the improper processing of XML external entities.
CVE(s): CVE-2016-0288
Affected product(s) and affected version(s):
- IBM Security AppScan Standard - 9.0.2.x
- IBM Security AppScan Standard - 9.0.1.x
- IBM Security AppScan Standard - 9.0.0.x
- IBM Security AppScan Standard - 8.8.x
- IBM Security AppScan Standard - 8.7.x
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1rRzOKj
X-Force Database: http://ift.tt/1rRzCe5
from IBM Product Security Incident Response Team http://ift.tt/1ThWbzh