Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-01 | CVE-2022-36773 | XXE vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2022-08-30 | CVE-2022-2330 | XXE vulnerability in Mcafee Data Loss Prevention Endpoint Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly. | 6.5 |
| 2022-08-16 | CVE-2022-2838 | XXE vulnerability in Eclipse Sphinx In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests. | 5.3 |
| 2022-08-10 | CVE-2022-2458 | XXE vulnerability in Redhat Process Automation Manager 7.5.1 XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. | 8.2 |
| 2022-07-12 | CVE-2022-35168 | XXE vulnerability in SAP Business ONE 10.0 Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative. | 5.0 |
| 2022-07-07 | CVE-2021-41042 | XXE vulnerability in Eclipse LYO 1.0.0/4.1.0 In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. | 5.3 |
| 2022-06-30 | CVE-2022-34793 | XXE vulnerability in Jenkins Recipe 1.0/1.1/1.2 Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
| 2022-06-24 | CVE-2022-23170 | XXE vulnerability in Sysaid Okta SSO SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. | 6.8 |
| 2022-06-21 | CVE-2021-40510 | XXE vulnerability in Obdasystems Mastro 1.0 XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files via custom DTDs. | 5.0 |
| 2022-06-17 | CVE-2021-45024 | XXE vulnerability in Rocketsoftware Ags-Zena 4.2.1 ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE). | 9.8 |