XML External Entity (XXE)

jena-core is vulnerable to XML external entity. An attacker is able to execute XML External Entities XXE due to lack of secure XML processing, subsequently exposing the contents of local files to a remote server...

Privilege Escalation

ibm java is vulnerable to privilege escalation. A flaw was found in the way JAXP Java API for XML Processing components were handled, allowing them to be manipulated by untrusted applets. This could be used to elevate privileges and bypass secure XML processing restrictions...