Jakub Kaluzny

**Name of the Vulnerable Software and Affected Versions** IBM FileNet Workplace version 4.0.2 before 4.0.2.14 LA012 **Description** The issue allows remote authenticated users to read arbitrary files or cause a denial of service due to an XML External Entity (XXE) issue. This occurs when an XML document containing an external entity declaration is used in conjunction with an entity reference. **Recommendations** For IBM FileNet Workplace version 4.0.2 before 4.0.2.14 LA012, update to version 4.0.2.14 LA012 or later to resolve the issue. As a temporary workaround, consider restricting access to XML documents that contain external entity declarations to minimize the risk of exploitation.