This vulnerability has been reported for the Introscope EM (scanned version: 10.7.0.361).
Apache XercesJ is vulnerable to denial-of-service (DoS) due to improper input validation in the XML parser which can lead to an infinite loop. An attacker could exploit this vulnerability by supplying a system with a maliciously crafted XML document.
According to Blackduck the CVSS score is 4.8, and a fix would be to use XercesJ 2.12.2.
To be fixed in APM 10.8