Viqueen

**Name of the Vulnerable Software and Affected Versions** Apereo Bedework bw-webdav versions prior to 4.0.3 **Description** The issue allows XXE attacks, which can be demonstrated by an invite-reply document that reads a local file. This is related to the files webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java. **Recommendations** For versions prior to 4.0.3, update to version 4.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java files until a patch is available.