PatchSiren cyber security CVE debrief
CVE-2016-6042 IBM CVE debrief
CVE-2016-6042 is a high-severity vulnerability in IBM Security AppScan Enterprise Edition that can lead to arbitrary code execution in the context of the victim user. The issue is tied to improper handling of objects in memory (CWE-119) and is triggered when a victim opens specially crafted content. NVD rates it CVSS v3.0 base score 7.3 (High): local attack vector, low privileges required, and user interaction required.
- Vendor: IBM
- Product: IBM Security AppScan Enterprise Edition
- CVE: CVE-2016-6042
- CVSS: 7.3 (HIGH)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-01
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-01
- Advisory updated: 2026-05-13
Who should care
Organizations running IBM Security AppScan Enterprise Edition, especially the vulnerable versions listed in NVD, should treat this as important if users may open untrusted or specially crafted content. Security teams, application owners, and desktop or endpoint administrators responsible for AppScan deployments should prioritize remediation.
Technical summary
NVD identifies CWE-119 (improper restriction of operations within the bounds of a memory buffer) as the underlying weakness. The vulnerable CPEs listed are IBM Security AppScan 9.0.0.0 and IBM Security AppScan Enterprise 9.0.0.1, 9.0.1.0, 9.0.1.1, 9.0.2.0, 9.0.2.1, 9.0.3.0, and 9.0.3.1. The CVSS v3.0 vector is AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H: local attack vector, low attack complexity, low privileges required, user interaction required, scope unchanged, and high confidentiality, integrity, and availability impact. In practice the attacker must get a user on the host to open the crafted content; the resulting code then runs with that user's rights, and the score is held at 7.3 only by the user-interaction and local-access requirements, not by any limit on impact.
Defensive priority
High for any environment running an affected IBM Security AppScan Enterprise version. Exploitation requires user interaction, but a successful attack yields arbitrary code execution with full confidentiality, integrity, and availability impact on the host, so the user-interaction requirement should not lower the remediation priority.
Recommended defensive actions
- Review IBM's advisory and apply the vendor patch or upgrade guidance referenced in the official IBM support notice.
- Inventory IBM Security AppScan Enterprise installations and confirm whether any affected versions are deployed.
- Limit exposure to untrusted or specially crafted content wherever possible, and train users to avoid opening unknown files or content in affected workflows.
- Prioritize remediation on systems where AppScan is installed with user-facing access or where content is routinely imported from external sources.
- After patching, validate the installed version against IBM's guidance and document remediation status.
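The inventory and version-validation steps above can be scripted. The following is an added example, not code from the PatchSiren page or from IBM: it reads a constructed host/product/version inventory (the column names are an assumption) and checks each AppScan Enterprise install against the CPE version list quoted on this page. Versions carrying an interim-fix suffix, or unlisted builds inside the listed range, are flagged for review against IBM's advisory rather than guessed at.

```python
"""Triage an installation inventory against the versions NVD lists for CVE-2016-6042.

Added example, not page or IBM code; inventory data is constructed.
"""
import csv
import io
import re

# Versions NVD lists as vulnerable CPEs for CVE-2016-6042 (from the page).
AFFECTED_VERSIONS = ["9.0.0.0", "9.0.0.1", "9.0.1.0", "9.0.1.1",
                     "9.0.2.0", "9.0.2.1", "9.0.3.0", "9.0.3.1"]

_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)(.*)$")


def parse_version(text):
    """Split '9.0.3.1 iFix002' into ((9, 0, 3, 1), 'iFix002').

    The numeric part is padded to four components so '9.0.2' compares equal to
    the listed 9.0.2.0; anything after it (interim-fix tags, build notes) is
    returned separately so the caller can decide how to treat it.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (4 - len(parts))
    return tuple(parts[:4]), match.group(2).strip()


AFFECTED_SET = {parse_version(v)[0] for v in AFFECTED_VERSIONS}
LOWEST, HIGHEST = min(AFFECTED_SET), max(AFFECTED_SET)


def classify(version_text):
    """Verdict for one version string.

    'affected'   exactly a version in NVD's list
    'review'     a listed version carrying an interim-fix/build suffix, or an
                 unlisted build inside the listed range; check IBM's advisory
    'not_listed' outside the listed range (still confirm against IBM's guidance)
    """
    version, suffix = parse_version(version_text)
    if version in AFFECTED_SET and not suffix:
        return "affected"
    if LOWEST <= version <= HIGHEST:
        return "review"
    return "not_listed"


def triage(inventory_csv):
    """Return [(host, version, verdict)] for every AppScan Enterprise row."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Assumption: only rows naming the Enterprise edition are in scope;
        # other AppScan products are skipped rather than guessed at.
        if "appscan enterprise" not in row["product"].lower():
            continue
        findings.append((row["host"], row["version"], classify(row["version"])))
    return findings


# Constructed sample inventory; hostnames and versions are illustrative.
SAMPLE_INVENTORY = """host,product,version
ase-prod-01,IBM Security AppScan Enterprise,9.0.3.1
ase-lab-02,IBM Security AppScan Enterprise,9.0.3.1 iFix002
ase-old-03,IBM Security AppScan Enterprise,9.0.2
ase-new-04,IBM Security AppScan Enterprise,9.0.3.2
scan-05,IBM Security AppScan Standard,9.0.3.1
"""

if __name__ == "__main__":
    for host, version, verdict in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {version:18} {verdict}")
```

Feed it the real inventory export and treat every 'review' row as a question for IBM's support notice rather than as clean; the script only knows NVD's CPE list, not which interim fixes carry the patch.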
Evidence notes
The CVE record and NVD detail identify IBM Security AppScan Enterprise Edition as the affected product family. NVD provides the vulnerable version list, CWE-119 classification, and the CVSS v3.0 vector AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. The IBM support advisory is referenced by NVD as a patch/vendor advisory source.
Official resources
- CVE-2016-6042 CVE record (CVE.org)
- CVE-2016-6042 NVD detail (NVD)
- Source item: nvd_modified
- Mitigation or vendor reference: [email protected] (NVD reference tagged Patch, Vendor Advisory; the address is obscured in the stored copy)
CVE published by NVD on 2017-02-01 and last modified on 2026-05-13. The record is marked Modified in the source corpus.