### [CVE-2016-9706](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9706)
![](https://img.shields.io/static/v1?label=Product&message=Integration%20Bus&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=10%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.0.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Obtain%20Information&color=brightgreen)

### Description

IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.

### POC

#### Reference
- http://www.ibm.com/support/docview.wss?uid=swg21997918

#### Github
No PoCs found on GitHub currently.