Multiple vulnerabilities have been reported in IBM Security Access Manager (ISAM) version 9.0 that could allow a remote attacker to gain elevated privileges, obtain sensitive information, traverse directories, bypass security restrictions, launch XML external entity (XXE) attacks, execute arbitrary code or cause denial of service conditions on the targeted system. Vulnerability is fixed in the IBM Security Access Manager (ISAM) version 9.0.7.2.

Source: ibm.com