During security audit tests we found that our SPS server could be vulnerable to an XXE injection attack due to an XML SOAP vulnerability.
SPS R12.52 SP1 CR00
This has been fixed in R12.52 SP1 CR06. If you are affected on an earlier release, you can resolve the issue by applying the following steps:
1) On SPS go to /secure-proxy/Tomcat/webapps/affwebservices/WEB-INF folder.
2) Make a backup of web.xml file.
3) Stop SPS.
4) Edit web.xml and locate the "router" servlet section (shown below).
5) Remove or comment out the entire "router" servlet section.
6) Restart SPS.
<display-name>Apache-SOAP RPC Router</display-name>
<description>This is the main servlet that dispatches the SOAP requests to registered web services</description>
CA Access Gateway is vulnerable to an XXE injection attack that allows an attacker to retrieve confidential data and access sensitive files on the server, for example the "passwd" file.
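To confirm the edit from steps 4 and 5 took effect before restarting SPS, the following added example (not part of the original article or the product) parses web.xml and reports whether a servlet with the display name shown above is still active, and whether any servlet-mapping now points at a servlet that is no longer declared. It assumes standard servlet deployment-descriptor element names; the servlet-name used in the test data is constructed.

```python
import sys
import xml.etree.ElementTree as ET

ROUTER_DISPLAY_NAME = "Apache-SOAP RPC Router"  # from the web.xml excerpt on this page


def local(tag):
    """Strip an XML namespace prefix such as '{http://...}servlet'."""
    return tag.rsplit("}", 1)[-1]


def child_text(elem, name):
    """Return the stripped text of the first direct child called `name`, or ''."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def audit_web_xml(xml_data):
    """Return (active_router_servlets, dangling_mappings) for web.xml content.

    The parser drops XML comments, so a commented-out section is not reported.
    """
    root = ET.fromstring(xml_data)
    servlets = [e for e in root.iter() if local(e.tag) == "servlet"]
    mappings = [e for e in root.iter() if local(e.tag) == "servlet-mapping"]

    declared = {child_text(s, "servlet-name") for s in servlets}
    active = [child_text(s, "servlet-name") for s in servlets
              if child_text(s, "display-name") == ROUTER_DISPLAY_NAME]
    # Tomcat refuses to deploy a web.xml whose servlet-mapping names an
    # undeclared servlet, so a mapping left behind must be removed as well.
    dangling = [child_text(m, "servlet-name") for m in mappings
                if child_text(m, "servlet-name") not in declared]
    return active, dangling


if __name__ == "__main__":
    # Usage: python3 check_router.py <path to web.xml>
    with open(sys.argv[1], "rb") as fh:  # bytes: honour the file's own encoding
        active, dangling = audit_web_xml(fh.read())
    print("router servlet still active:", active or "no")
    print("mappings without a servlet:", dangling or "none")
    sys.exit(1 if active or dangling else 0)
```

An exit status of 0 means the router servlet is gone and no mapping was left pointing at it.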