IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 ( Interim Fix 001 through ) Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion.
IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:
Affected Product(s)Version(s)Remediation/Fix/Instructions
IBM Engineering Lifecycle Management - Jazz Foundation
7.0.3Download and install iFix022 https://www.ibm.com/support/fixcentral/swg/downloadFixes
IBM Engineering Lifecycle Management - Jazz Foundation
7.1.0Download and install iFix010 https://www.ibm.com/support/fixcentral/swg/downloadFixes
IBM Engineering Lifecycle Management - Jazz Foundation
7.2.0Download and install iFix002 https://www.ibm.com/support/fixcentral/swg/downloadFixes