Improper Restriction of XML External Entity Reference
IBM App Connect V126.96.36.199 through V188.8.131.52, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V184.108.40.206 through V220.127.116.11, and WebSphere Message Broker V18.104.22.168 through V22.214.171.124 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.
CWE-611 - Improper Restriction of XML External Entity Reference
Listed 4th in the 'OWASP Top Ten', XML External Entities (XXE) vulnerability allows attackers to provide an XML input that contains an external entity. When the XML is parsed, it can cause data extraction and manipulation, execution of commands, denial-of-service attacks, and server-side request forgery.