Protection Engine Admin can inject XML with external entities in XML request

Article ID: 246932

Updated On:

Products

Protection Engine for NAS
Protection Engine for Cloud Services

Issue/Introduction

A Symantec Protection Engine (SPE) admin can inject XML with external entities into an XML request.

Environment

SPE 8.2.1 and 8.2.2

Resolution

The hotfix prevents an admin or any other user from adding external entities to an XML request.
The hotfix is supported on SPE 8.2.1 and 8.2.2 for Windows and Linux. Download the hotfix that matches the installed version and apply it using the steps below.

Steps to deploy the hotfix:

1. Stop the SPE service.
2. Go to the SPE install location.

Default install location for Windows: C:\Program Files\Symantec\Scan Engine
Default install location for Linux: /opt/SYMCScan/bin
 
3. Take a backup of the servers.jar file.
4. Copy servers.jar (attached to this KB; extract it first) to the same location under the SPE installation directory.
5. Ensure the permissions and ownership of the newly copied file are identical to those of the backed-up file.
6. Start the SPE service.
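
Steps 3 to 5 on a Linux install can be scripted as below. This is an added example, not part of the original KB or a Symantec tool. The function names deploy_hotfix and file_meta and the backup name servers.jar.bak are assumptions, and it relies on a stat that supports -c. Stop the SPE service before calling it and start the service afterwards (steps 1 and 6).

```shell
#!/bin/sh
# Added example: steps 3-5 of the hotfix procedure for a Linux install.
# deploy_hotfix and file_meta are hypothetical helper names.

# Print "mode uid:gid" for a file (stat -c is assumed to be available).
file_meta() {
    stat -c '%a %u:%g' "$1"
}

# deploy_hotfix INSTALL_DIR NEW_JAR
# INSTALL_DIR is the directory holding servers.jar; NEW_JAR is the
# servers.jar extracted from the hotfix zip.
deploy_hotfix() {
    install_dir=$1
    new_jar=$2
    target="$install_dir/servers.jar"
    backup="$target.bak"   # backup name chosen for this example

    if [ ! -f "$target" ]; then echo "missing $target" >&2; return 1; fi
    if [ ! -f "$new_jar" ]; then echo "missing $new_jar" >&2; return 1; fi
    # Refuse to overwrite an earlier backup: it may be the only original copy.
    if [ -e "$backup" ]; then echo "backup exists: $backup" >&2; return 1; fi

    # Step 3: back up, preserving mode, ownership and timestamps.
    cp -p "$target" "$backup" || return 1

    # Step 4: put the hotfix jar in place.
    cp "$new_jar" "$target" || return 1

    # Step 5: apply the backup's ownership, then its mode
    # (chown first, because chown can clear special mode bits).
    chown "$(stat -c '%u:%g' "$backup")" "$target" || return 1
    chmod "$(stat -c '%a' "$backup")" "$target" || return 1

    # Verify the result instead of assuming it.
    if [ "$(file_meta "$target")" != "$(file_meta "$backup")" ]; then
        echo "metadata mismatch on $target" >&2
        return 1
    fi
    echo "deployed: $(file_meta "$target") $target"
}
```

On the default Linux layout this would be called as deploy_hotfix /opt/SYMCScan/bin followed by the path to the extracted servers.jar.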

Attachments

HF8.2.2_servers_1663829528613.zip
HF8.2.1_servers_1663829508228.zip