Luca Baggio

**Name of the Vulnerable Software and Affected Versions** IBM Platform Symphony versions 7.1 Fix Pack 1 through 7.1.1 IBM Spectrum Symphony versions 7.1.2 through 7.2.0.2 **Description** The issue allows a remote attacker to exploit a XML External Entity Injection (XXE) attack when processing XML data, potentially exposing sensitive information or consuming memory resources. **Recommendations** For IBM Platform Symphony versions 7.1 Fix Pack 1 through 7.1.1, update to a version that includes the fix for this issue. For IBM Spectrum Symphony versions 7.1.2 through 7.2.0.2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the processing of XML data to minimize the risk of exploitation.