CVE-2018-1702

Name of the Vulnerable Software and Affected Versions IBM Platform Symphony versions 7.1 Fix Pack 1 through 7.1.1 IBM Spectrum Symphony versions 7.1.2 through 7.2.0.2

Description The issue allows a remote attacker to exploit a XML External Entity Injection (XXE) attack when processing XML data, potentially exposing sensitive information or consuming memory resources.

Recommendations For IBM Platform Symphony versions 7.1 Fix Pack 1 through 7.1.1, update to a version that includes the fix for this issue. For IBM Spectrum Symphony versions 7.1.2 through 7.2.0.2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the processing of XML data to minimize the risk of exploitation.