Friday, February 24, 2017

IBM Security Bulletin: An XML parser vulnerability affects IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software releases (CVE-2016-4463)

The Apache Xerces-C XML parser library is vulnerable to a denial of service caused by a stack-based buffer overflow when parsing a deeply nested DTD. A remote attacker could exploit this vulnerability to cause a denial of service. IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software releases use the Apache Xerces-C XML parser and are affected by this vulnerability.

CVE(s): CVE-2016-4463

Affected product(s) and affected version(s):

IBM Tivoli Access Manager for e-business, version 6.0

IBM Tivoli Access Manager for e-business, version 6.1

IBM Tivoli Access Manager for e-business, version 6.1.1

IBM Security Access Manager for Web, version 7.0 software

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2msTMs0
X-Force Database: http://ift.tt/2b5BVXc

The post IBM Security Bulletin: An XML parser vulnerability affects IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software releases (CVE-2016-4463) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2msIXq3
