Total
1188 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-1477 | 1 Ibm | 1 Security Access Manager 9.0 Firmware | 2025-04-20 | N/A |
IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612. | ||||
CVE-2016-0254 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-20 | N/A |
IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563. | ||||
CVE-2017-9095 | 1 Divinglog | 1 Diving Log | 2025-04-20 | 5.5 Medium |
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. | ||||
CVE-2017-9233 | 3 Debian, Libexpat Project, Python | 3 Debian Linux, Libexpat, Python | 2025-04-20 | 7.5 High |
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. | ||||
CVE-2017-7503 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Cd | 2025-04-20 | N/A |
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed. | ||||
CVE-2017-2308 | 1 Juniper | 1 Junos Space | 2025-04-20 | N/A |
An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. | ||||
CVE-2015-0194 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-20 | N/A |
XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. | ||||
CVE-2015-7743 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | N/A |
XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file. | ||||
CVE-2017-3811 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | N/A |
An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054. | ||||
CVE-2017-3839 | 1 Cisco | 1 Secure Access Control System | 2025-04-20 | N/A |
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5). | ||||
CVE-2015-7326 | 1 Milton | 1 Webdav | 2025-04-20 | N/A |
XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. | ||||
CVE-2017-14526 | 1 Opentext | 2 Documentum Administrator, Documentum Webtop | 2025-04-20 | N/A |
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in. | ||||
CVE-2017-7457 | 1 Moxa | 1 Mx-aopc Server | 2025-04-20 | N/A |
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure. | ||||
CVE-2015-7273 | 1 Dell | 3 Integrated Remote Access Controller 7, Integrated Remote Access Controller 8, Integrated Remote Access Controller Firmware | 2025-04-20 | N/A |
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. | ||||
CVE-2022-25628 | 1 Broadcom | 1 Symantec Identity Governance And Administration | 2025-04-18 | 8.8 High |
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 | ||||
CVE-2020-14478 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2025-04-17 | 7.1 High |
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services. | ||||
CVE-2021-42537 | 1 Visam | 1 Vbase Web-remote | 2025-04-17 | 5.9 Medium |
VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. | ||||
CVE-2022-47514 | 1 Xml-rpc.net Project | 1 Xml-rpc.net | 2025-04-17 | 8.8 High |
An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request. | ||||
CVE-2021-44477 | 1 Ge | 1 Toolboxst | 2025-04-16 | 7.5 High |
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file. | ||||
CVE-2022-1018 | 1 Rockwellautomation | 3 Connected Components Workbench, Isagraf, Safety Instrumented Systems Workstation | 2025-04-16 | 5.5 Medium |
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality. |