Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2022-11-03 CVE-2022-40747 XXE vulnerability in IBM InfoSphere Information Server 11.7
IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2022-11-03 CVE-2022-42745 XXE vulnerability in Auieosoftware CandidATS 3.0.0
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server.
network
low complexity
auieosoftware CWE-611
7.5
2022-10-28 CVE-2022-31678 XXE vulnerability in VMware Cloud Foundation and NSX Data Center
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability.
network
low complexity
vmware CWE-611
critical
9.1
2022-10-19 CVE-2022-43415 XXE vulnerability in Jenkins Repo 1.14.0/1.15.0
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
7.5
2022-10-19 CVE-2022-43430 XXE vulnerability in Jenkins Compuware Topaz for Total Test
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
7.5
2022-10-18 CVE-2022-3338 XXE vulnerability in McAfee ePolicy Orchestrator
An XML External Entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack.
network
high complexity
mcafee CWE-611
5.4
2022-10-03 CVE-2022-42301 XXE vulnerability in Veritas NetBackup
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products.
network
low complexity
veritas CWE-611
8.8
2022-10-03 CVE-2022-42307 XXE vulnerability in Veritas NetBackup
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products.
network
low complexity
veritas CWE-611
critical
9.8
2022-09-23 CVE-2022-34348 XXE vulnerability in IBM Sterling Partner Engagement Manager 6.1/6.1.2/6.2.1.0
IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2022-09-22 CVE-2022-40705 XXE vulnerability in Apache SOAP 2.2/2.3
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP.
network
low complexity
apache CWE-611
7.5