CVE-2018-1607

Name of the Vulnerable Software and Affected Versions IBM Rational Engineering Lifecycle Manager versions 5.0 through 5.02 IBM Rational Engineering Lifecycle Manager versions 6.0 through 6.0.6

Description The issue allows a remote attacker to exploit the vulnerability to expose sensitive information or consume memory resources through a XML External Entity Injection (XXE) attack when processing XML data.

Recommendations For versions 5.0 through 5.02, update to a version outside of this range to mitigate the risk. For versions 6.0 through 6.0.6, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting the processing of XML data to minimize the risk of exploitation.