High severity8.1NVD Advisory· Published Dec 1, 2016· Updated May 6, 2026

CVE-2016-3033

Description

IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected products

IBM/Appscan Source11 versions
cpe:2.3:a:ibm:appscan_source:8.7:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:ibm:appscan_source:8.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:appscan_source:8.7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:appscan_source:8.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:appscan_source:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:appscan_source:9.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:appscan_source:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:appscan_source:9.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:appscan_source:9.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:appscan_source:9.0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:appscan_source:9.0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:appscan_source:9.0.3.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www-01.ibm.com/support/docview.wssnvdVendor Advisory
www.securityfocus.com/bid/92388nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000