VYPR
High severity8.1NVD Advisory· Published Feb 1, 2017· Updated Jun 17, 2026

CVE-2016-8980

CVE-2016-8980

Description

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.

Affected products

4
  • cpe:2.3:a:ibm:bigfix_inventory:9.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ibm:bigfix_inventory:9.2:*:*:*:*:*:*:*
    • (no CPE)range: v9
  • cpe:2.3:a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*
  • IBM Corporation/BigFix Inventoryv5
    Range: 9.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.