Improper Restriction of XML External Entity Reference
IBM App Connect V184.108.40.206 through V220.127.116.11, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V18.104.22.168 through V22.214.171.124, and WebSphere Message Broker V126.96.36.199 through V188.8.131.52 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.
CWE-611 - Improper Restriction of XML External Entity Reference
Listed 4th in the 'OWASP Top Ten', XML External Entities (XXE) vulnerability allows attackers to provide an XML input that contains an external entity. When the XML is parsed, it can cause data extraction and manipulation, execution of commands, denial-of-service attacks, and server-side request forgery.