Name of the Vulnerable Software and Affected Versions:

Xerox FreeFlow Core version 8.0.4

Description:

Improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, resulting in a Server-Side Request Forgery (SSRF). Server-Side Request Forgery (SSRF) occurs when an attacker can cause the server to make requests to unintended locations.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.