CNVD (China National Vulnerability Database): CNVD-2022-56970
History: Aug 04, 2022 - 12:00 a.m.

IBM DataPower Gateway XML External Entity Injection Vulnerability (CNVD-2022-56970)

China National Vulnerability Database
www.cnvd.org.cn
Tags: ibm datapower gateway, xml, external entity injection, vulnerability, network system, remote attacker, specially crafted xml file, file reading

EPSS: 0.002 (Percentile: 52.0%)

IBM DataPower Gateway is a set of security and integration platforms from IBM (USA) designed specifically for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channels using a dedicated gateway platform.

IBM DataPower Gateway suffers from an XML external entity (XXE) injection vulnerability. It stems from the network system or product not applying correct filtering, which allows references to external entities. A remote attacker can exploit it to read a file by sending a specially crafted XML file.
