CVE-2018-1846

Name of the Vulnerable Software and Affected Versions IBM Rational Engineering Lifecycle Manager versions 5.0 through 5.0.2 IBM Rational Engineering Lifecycle Manager versions 6.0 through 6.0.6

Description The issue allows a remote attacker to exploit a XML External Entity Injection (XXE) attack when processing XML data, potentially exposing sensitive information or consuming memory resources.

Recommendations For versions 5.0 through 5.0.2, update to a version outside of this range to mitigate the risk. For versions 6.0 through 6.0.6, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting the processing of XML data to minimize the risk of exploitation.