ASA-2019-00252 – IBM Planning Analytics: Apache Derby XML External Entity (XXE) information disclosure

Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML datatype and XmlVTI. An attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.