Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-21 | CVE-2022-41226 | XXE vulnerability in Jenkins Compuware Common Configuration Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
| 2022-09-21 | CVE-2022-41241 | XXE vulnerability in Jenkins RQM Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.1 |
| 2022-09-13 | CVE-2022-38342 | XXE vulnerability in Safe FME Server Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks. | 6.5 |
| 2022-09-12 | CVE-2022-1700 | XXE vulnerability in Forcepoint products Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. | 9.8 |
| 2022-09-07 | CVE-2022-37189 | XXE vulnerability in Ddmal Mei2Volpiano DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. | 7.5 |
| 2022-09-01 | CVE-2022-36773 | XXE vulnerability in multiple products IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2022-08-30 | CVE-2022-2330 | XXE vulnerability in Mcafee Data Loss Prevention Endpoint Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly. | 6.5 |
| 2022-08-19 | CVE-2022-22489 | XXE vulnerability in IBM MQ IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2022-08-16 | CVE-2020-14379 | XXE vulnerability in Redhat Jboss A-Mq 7 A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure. | 5.6 |
| 2022-08-16 | CVE-2022-2838 | XXE vulnerability in Eclipse Sphinx In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests. | 5.3 |