Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-12 | CVE-2022-45194 | XXE vulnerability in Bruhn-Newtech Cbrn-Analysis CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. | 4.7 |
| 2022-11-04 | CVE-2022-43570 | XXE vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. | 6.5 |
| 2022-11-04 | CVE-2022-3340 | XXE vulnerability in Trellix Intrusion Prevention System Manager 10.1 XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported. | 7.2 |
| 2022-11-03 | CVE-2022-40747 | XXE vulnerability in IBM Infosphere Information Server 11.7 "IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2022-11-03 | CVE-2022-42745 | XXE vulnerability in Auieosoftware Candidats 3.0.0 CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. | 7.5 |
| 2022-10-28 | CVE-2022-31678 | XXE vulnerability in VMWare Cloud Foundation and NSX Data Center VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. | 9.1 |
| 2022-10-19 | CVE-2022-43415 | XXE vulnerability in Jenkins Repo 1.14.0/1.15.0 Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 |
| 2022-10-19 | CVE-2022-43430 | XXE vulnerability in Jenkins Compuware Topaz for Total Test Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 |
| 2022-10-18 | CVE-2022-3338 | XXE vulnerability in Mcafee Epolicy Orchestrator An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. | 5.4 |
| 2022-10-03 | CVE-2022-42301 | XXE vulnerability in Veritas Netbackup An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. | 8.8 |