Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-10 | CVE-2023-22832 | XXE vulnerability in Apache Nifi The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor. | 7.5 |
| 2023-02-09 | CVE-2023-24323 | XXE vulnerability in Mojoportal 2.7.0.0 Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. | 8.8 |
| 2023-02-03 | CVE-2022-45588 | XXE vulnerability in Talend Remote Engine GEN 2 All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. | 7.8 |
| 2023-02-03 | CVE-2022-22486 | XXE vulnerability in IBM Tivoli Workload Scheduler 10.1/9.4/9.5 IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2023-02-03 | CVE-2022-38389 | XXE vulnerability in IBM Tivoli Workload Scheduler 10.1/9.4/9.5 IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2023-01-31 | CVE-2022-47873 | XXE vulnerability in Netcad Keos 1.0 Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). | 9.8 |
| 2023-01-30 | CVE-2023-22322 | XXE vulnerability in Omron Cx-Motion PRO 1.4.6.013 Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. | 5.5 |
| 2023-01-26 | CVE-2023-24429 | XXE vulnerability in Jenkins Semantic Versioning Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | 9.8 |
| 2023-01-26 | CVE-2023-24430 | XXE vulnerability in Jenkins Semantic Versioning Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2023-01-26 | CVE-2023-24441 | XXE vulnerability in Jenkins Mstest Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |