CVE-2018-1844

Name of the Vulnerable Software and Affected Versions IBM FileNet Content Manager versions 5.2.1 and 5.5.0

Description The issue allows a remote attacker to exploit the vulnerability to expose sensitive information or consume memory resources through a XML External Entity Injection (XXE) attack when processing XML data.

Recommendations For version 5.2.1, update to a version that includes a fix for this issue. For version 5.5.0, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting the processing of external XML entities to minimize the risk of exploitation.