CVE-2017-1527

Name of the Vulnerable Software and Affected Versions IBM Business Process Manager versions 7.5 through 8.5

Description The issue allows for a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume memory resources.

Recommendations For versions 7.5 through 8.5, update the XML processing module to prevent XXE attacks, ensuring that external entities are properly validated and restricted to prevent information exposure or memory consumption.