Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2022-08-15 CVE-2020-21641 XXE vulnerability in Zohocorp ManageEngine Analytics Plus
Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via a crafted XML license file.
network, low complexity, zohocorp, CWE-611, risk 7.5
2022-08-10 CVE-2022-2458 XXE vulnerability in Red Hat Process Automation Manager 7.0/7.5.1
XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data.
network, low complexity, redhat, CWE-611, risk 8.2
2022-08-01 CVE-2022-31775 XXE vulnerability in IBM DataPower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network, low complexity, ibm, CWE-611, risk 9.1 (critical)
2022-07-29 CVE-2022-2414 XXE vulnerability in Dogtag PKI
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks.
network, low complexity, dogtagpki, CWE-611, risk 7.5
2022-07-29 CVE-2022-27873 XXE vulnerability in Autodesk Fusion 360
An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser.
local, low complexity, autodesk, CWE-611, risk 7.8
2022-07-27 CVE-2021-42537 XXE vulnerability in VISAM VBASE Web-Remote 11.6.0.6
VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
network, low complexity, visam, CWE-611, risk 7.5
2022-07-26 CVE-2022-31471 XXE vulnerability in Untangle Project Untangle
untangle is a Python library to convert XML data to Python objects.
network, low complexity, untangle-project, CWE-611, risk 7.5
2022-07-25 CVE-2022-2131 XXE vulnerability in OpenKM 6.3.10
OpenKM Community Edition version 6.3.10 and earlier used the XMLReader parser in the XMLTextExtractor.java file without the required security flags, allowing an attacker to perform an XML external entity injection attack.
network, low complexity, openkm, CWE-611, risk 9.8 (critical)
2022-07-19 CVE-2022-22358 XXE vulnerability in IBM products
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network, low complexity, ibm, CWE-611, risk 7.1
2022-07-19 CVE-2022-34001 XXE vulnerability in Unit4 Enterprise Resource Planning 7.9
Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously.
network, low complexity, unit4, CWE-611, risk 6.5