IBM Security Access Manager is a product for information security management applications from International Business Machines (IBM). The product enables access management control through integrated appliances for web, mobile and cloud computing. An XML external entity injection vulnerability exists in IBM Security Access Manager, which can be exploited by an attacker to obtain sensitive information or consume memory resources.