There is a security vulnerability in Apache SOAP, which is used by the IBM Maximo Manage application in IBM Maximo Application Suite.
## Vulnerability Details
**CVEID:** CVE-2022-40705
**DESCRIPTION:** Apache SOAP is vulnerable to an XML external entity injection (XXE) attack when processing XML data, caused by a weakly configured XML parser in RPCRouterServlet. By using specially-crafted XML content in the configuration file, a remote attacker could exploit this vulnerability to read arbitrary files.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/236814 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
## Affected Products and Versions
**Product versions affected:**

| Affected Product(s) | Version(s) |
| --- | --- |
| Maximo Manage Application in IBM Maximo Application Suite | MAS 8.8-Manage 8.4 |

**For IBM Maximo Manage application in IBM Maximo Application Suite:**

| MAS | Manage Patch Fix or Release |
| --- | --- |
| 8.8 | 8.4.5 or latest (available from the Catalog under Update Available) |
| 8.9 | 8.5 or latest (available from the Catalog under Update Available) |

## Workarounds and Mitigations