CVE-2017-1666

Name of the Vulnerable Software and Affected Versions: IBM Tivoli Key Lifecycle Manager versions 2.5 through 2.7

Description: The issue allows a remote attacker to exploit the vulnerability to expose sensitive information or consume memory resources through a XML External Entity Injection (XXE) attack when processing XML data.

Recommendations: For versions 2.5 through 2.7, update to a version that includes a fix for this issue to prevent XXE attacks. As a temporary workaround, consider restricting the processing of external XML entities to minimize the risk of exploitation.