CVE-2016-3055

Name of the Vulnerable Software and Affected Versions IBM FileNet Workplace version 4.0.2 before 4.0.2.14 LA012

Description The issue allows remote authenticated users to read arbitrary files or cause a denial of service due to an XML External Entity (XXE) issue. This occurs when an XML document containing an external entity declaration is used in conjunction with an entity reference.

Recommendations For IBM FileNet Workplace version 4.0.2 before 4.0.2.14 LA012, update to version 4.0.2.14 LA012 or later to resolve the issue. As a temporary workaround, consider restricting access to XML documents that contain external entity declarations to minimize the risk of exploitation.