- Data extraction
- Remote code execution
- Scan internal systems
- Perform denial of service
Your application is vulnerable if it uses SAML for identity processing and your XML processor handles any of the following:
- Untrusted XML Acceptance
- Untrusted XML Uploads
- Inserting untrusted data in XML
- Sanitize input
- SOAP 1.2
- Patch and upgrade XML processor
DISABLE XML External Entity and DTD Processing in all XML Parsers in applications.
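One way to apply this rule with Python's standard library, as an added example that is not part of the original page: the parser fails closed on any DOCTYPE or entity declaration before building the tree. The names `parse_untrusted` and `ForbiddenXML` and the sample documents are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Document uses a DTD or entity construct (hypothetical name)."""


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse XML, failing closed on any DTD or entity declaration."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE {name!r} rejected: DTDs are disabled")

    def forbid_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"entity declaration {name!r} rejected")

    def forbid_external_ref(context, base, sysid, pubid):
        raise ForbiddenXML(f"external entity {sysid!r} rejected")

    # An exception raised in a handler aborts Parse() and reaches the caller.
    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity_decl
    parser.ExternalEntityRefHandler = forbid_external_ref
    # Plain content is forwarded to a normal ElementTree builder.
    parser.StartElementHandler = lambda tag, attrs: builder.start(tag, attrs)
    parser.EndElementHandler = lambda tag: builder.end(tag)
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()


# Constructed samples: a SAML-like message and two documents carrying a DTD.
BENIGN = b"<Response><NameID>alice@example.test</NameID></Response>"
EXTERNAL = (b'<!DOCTYPE r [<!ENTITY x SYSTEM "file:///placeholder/path">]>'
            b"<Response><NameID>&x;</NameID></Response>")
INTERNAL = (b'<!DOCTYPE r [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;">]>'
            b"<Response><NameID>&b;</NameID></Response>")

if __name__ == "__main__":
    print(parse_untrusted(BENIGN).findtext("NameID"))
    for doc in (EXTERNAL, INTERNAL):
        try:
            parse_untrusted(doc)
        except ForbiddenXML as err:
            print("rejected:", err)
```

Rejecting the DOCTYPE outright covers both external entities and internal entity expansion, since neither can be declared without a DTD; the two entity handlers remain as a second layer.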