IBM Operational Decision Manager External Entity Injection (CVE-2018-1821)

An XML external entity (XXE) injection vulnerability exist in IBM Operational Decision. The vulnerability is due to a failure to properly handle external entity references in XML files. A remote attacker could exploit this vulnerability by enticing a target user into opening a crafted XML file with the Remote Assistance application when successful exploitation results in the disclosure of file…

You can read the full article here.