Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-15 | CVE-2022-45400 | XXE vulnerability in Jenkins Japex 1.7 Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2022-11-14 | CVE-2022-43689 | XXE vulnerability in Concretecms Concrete CMS Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure. | 5.3 |
| 2022-11-12 | CVE-2022-45194 | XXE vulnerability in Bruhn-Newtech Cbrn-Analysis CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. | 4.7 |
| 2022-11-04 | CVE-2022-43570 | XXE vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. | 6.5 |
| 2022-11-04 | CVE-2022-3340 | XXE vulnerability in Trellix Intrusion Prevention System Manager 10.1 XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported. | 7.2 |
| 2022-11-03 | CVE-2022-40747 | XXE vulnerability in IBM Infosphere Information Server 11.7 "IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2022-11-03 | CVE-2022-42745 | XXE vulnerability in Auieosoftware Candidats 3.0.0 CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. | 7.5 |
| 2022-10-28 | CVE-2022-31678 | XXE vulnerability in VMWare Cloud Foundation and NSX Data Center VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. | 9.1 |
| 2022-10-19 | CVE-2022-43415 | XXE vulnerability in Jenkins Repo 1.14.0/1.15.0 Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 |
| 2022-10-19 | CVE-2022-43430 | XXE vulnerability in Jenkins Compuware Topaz for Total Test Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 |