ViewONE is vulnerable to XXE attack when opening PDF documents.
CVEID: CVE-2018-1835 DESCRIPTION: IBM Daeja Virtual is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150514> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
Daeja ViewONE 5.0
Updgrade to the version 5.0.4 iFix 6 or later.