Schedule demo


XML External Entity (XXE) Vulnerability in SOAP Response of Web service monitor.

Vulnerability Details
Severity Medium
CVE ID CVE-2023-28340
Affected software versions Version 16320 and below
Fixed Version Version 16135 to 16139
Version 16213 to 16219
Version 16330 and above
Fixed on 18 Jan 2023


When a malicious WSDL URL is provided in Web Service monitor, the URL SOAP response is parsed by an insecure XML parser which lead to XML External Entity (XXE) Vulnerability.


This vulnerability allows Applications Manager to be used for file retrieval, server side request forgery, port scanning, or brute forcing.


Applications Manager version 16330 and above fixes this issue by properly parsing the XML response from the WSDL URL provided by the user.

Steps to update

Update your Applications Manager instance to the latest build using the service pack.

Source and Acknowledgements

Find out more about CVE-2023-28340 from CVE Directory and NIST NVD.

Reported by:


Need Help?

For clarification or corrections please contact our support team or email us at

You'll be in great company