IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
https://exchange.xforce.ibmcloud.com/vulnerabilities/80316
http://www-01.ibm.com/support/docview.wss?uid=swg24034122