Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2022-06-21 CVE-2021-40510 XXE vulnerability in Obdasystems Mastro 1.0
XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files via custom DTDs.
network
low complexity
obdasystems CWE-611
5.0
2022-06-17 CVE-2021-45024 XXE vulnerability in Rocketsoftware Ags-Zena 4.2.1
ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE).
network
low complexity
rocketsoftware CWE-611
7.5
2022-06-16 CVE-2021-41411 XXE vulnerability in Redhat Drools 6.1.0
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java.
network
low complexity
redhat CWE-611
7.5
2022-06-14 CVE-2022-32285 XXE vulnerability in Mendix Saml
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3).
network
mendix CWE-611
4.3
2022-06-14 CVE-2022-31447 XXE vulnerability in Magicpin 3.4
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file.
network
low complexity
magicpin CWE-611
5.0
2022-06-02 CVE-2021-45981 XXE vulnerability in Netscout Ngeniusone 6.3.2
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack.
network
low complexity
netscout CWE-611
7.5
2022-05-24 CVE-2022-22977 XXE vulnerability in VMWare Tools
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability.
local
low complexity
vmware CWE-611
3.6
2022-05-24 CVE-2022-31261 XXE vulnerability in Morpheusdata Morpheus
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4.
4.3
2022-05-20 CVE-2022-29801 XXE vulnerability in Siemens Teamcenter
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9).
network
low complexity
siemens CWE-611
5.0
2022-05-17 CVE-2022-30971 XXE vulnerability in Jenkins Storable Configs 1.0
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
6.5