IBM · IBM Business Process Manager · CVE-2017-1527
**Name of the Vulnerable Software and Affected Versions**
IBM Business Process Manager versions 7.5 through 8.5
**Description**
The issue allows an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume memory resources.
**Recommendations**
For versions 7.5 through 8.5, update the XML processing module to prevent XXE attacks, ensuring that external entities are properly validated and restricted so that they cannot be used for information exposure or memory consumption.