An XML eXternal Entity (XXE) vulnerability has been reported for the embedded component used by IBM BPM document store.
CVEID: CVE-2013-5452**
DESCRIPTION:** The IBM FileNet Business Process Framework is vulnerable to an XML external entity attack. A remote attacker could exploit this vulnerability to obtain sensitive information, which could be used to launch further attacks against the system.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88192 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Install the interim fix for APAR JR53843 as appropriate for your current IBM Business Process Manager version.
Please note that the fix for 8.5.6.0 is included in Cumulative Fix 1 see Product maintenance strategy for IBM Business Process Manager V8.5.6 and V8.5.7.
None