CVE-2018-1424

Name of the Vulnerable Software and Affected Versions IBM Marketing Platform versions 9.1.0 through 9.1.2, version 10.1

Description The issue allows a remote attacker to exploit the XML External Entity Injection (XXE) vulnerability when processing XML data, potentially exposing sensitive information or consuming memory resources.

Recommendations For versions 9.1.0 through 9.1.2 and version 10.1, update to a version that includes a fix for this issue to prevent XXE attacks. As a temporary workaround, consider restricting the processing of external XML entities to minimize the risk of exploitation.