Improper Restriction of XML External Entity Reference
VISAM VBASE version 188.8.131.52 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CWE-611 - Improper Restriction of XML External Entity Reference
Listed 4th in the 'OWASP Top Ten', XML External Entities (XXE) vulnerability allows attackers to provide an XML input that contains an external entity. When the XML is parsed, it can cause data extraction and manipulation, execution of commands, denial-of-service attacks, and server-side request forgery.