IBM Security Bulletin: IBM Security Access Manager appliances are affected by an XML External Entity vulnerability (CVE-2016-2908)

IBM Security Access Manager could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when the XML parser processes XML data.

CVE(s): CVE-2016-2908

Affected product(s) and affected version(s):

IBM Security Access Manager for Web 8.0 appliances, all firmware versions.

IBM Security Access Manager for Mobile 8.0 appliances, all firmware versions.

IBM Security Access Manager 9.0 appliances, all firmware versions.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2iLmHGD
X-Force Database: http://ift.tt/2hNvg7n



from IBM Product Security Incident Response Team http://ift.tt/2iLktqR