|Affected software versions||Version 16320 and below|
|Fixed Version||Version 16135 to 16139; Version 16213 to 16219; Version 16330 and above|
|Fixed on||18 Jan 2023|
When a malicious WSDL URL is provided in the Web Service monitor, the SOAP response from that URL is parsed by an insecure XML parser, which leads to an XML External Entity (XXE) vulnerability.
This vulnerability allows Applications Manager to be used for file retrieval, server-side request forgery, port scanning, or brute forcing.
Applications Manager version 16330 and above fixes this issue by properly parsing the XML response from the WSDL URL provided by the user.
Update your Applications Manager instance to the latest build using the service pack.
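
The advisory does not show the corrected parser. The following added example, which is not ManageEngine's code, shows one common XXE mitigation: refusing any DOCTYPE or entity declaration in an untrusted SOAP response before its content is used. The names `parse_soap_response` and `UnsafeXML` and both sample documents are constructed for illustration.

```python
import xml.parsers.expat

class UnsafeXML(ValueError):
    """The response carries a DOCTYPE or an entity declaration."""

def parse_soap_response(data):
    """Parse untrusted SOAP bytes; return element names in document order."""
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML("DOCTYPE %r not allowed" % name)
    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXML("entity declaration %r not allowed" % name)
    def forbid_external(context, base, sysid, pubid):
        raise UnsafeXML("external entity %r not allowed" % sysid)

    # SOAP 1.1 forbids a DOCTYPE in a message, so rejecting it loses no valid input.
    # The entity handlers are defence in depth behind the DOCTYPE check.
    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.ExternalEntityRefHandler = forbid_external
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names

# Constructed sample responses (not taken from the advisory).
CLEAN = (
    b'<?xml version="1.0"?>'
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soap:Body><GetStatusResponse>ok</GetStatusResponse></soap:Body>'
    b'</soap:Envelope>'
)
WITH_DTD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE Envelope [<!ENTITY ext SYSTEM "http://example.invalid/placeholder">]>'
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soap:Body><GetStatusResponse>&ext;</GetStatusResponse></soap:Body>'
    b'</soap:Envelope>'
)

if __name__ == "__main__":
    print(parse_soap_response(CLEAN))
    try:
        parse_soap_response(WITH_DTD)
    except UnsafeXML as exc:
        print("rejected:", exc)
```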