Potential security exposure with IBM WebSphere Application Server with JAX-WS or JAX-RS (PM14844, PM14847, PM14765)
WebSphere Industry Content Packs bundles WebSphere Application Server CE as part of the product. This security exposure may be encountered by WebSphere Industry Content Pack users thatare using the Asset Navigator component.
The web services run-time might allow an attacker to cause a denial of service or remotely read arbitrary files on the file system where the run-time is installed. This vulnerability might potentially be exploited on any installation that receives XML messages from untrusted sources. This vulnerability was originally reported by the Apache community's Axis2 project in security advisory CVE-2010-1632.
Please refer to following flash from WebSphere Application Server to obtain the resolution steps: