Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2022-07-25 CVE-2022-2131 XXE vulnerability in Openkm 6.3.10
OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external entity injection attack.
network
low complexity
openkm CWE-611
critical
 9.8
9.8
2022-07-19 CVE-2022-22358 XXE vulnerability in IBM products
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
7.1
2022-07-19 CVE-2022-34001 XXE vulnerability in Unit4 Enterprise Resource Planning 7.9
Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously.
network
low complexity
unit4 CWE-611
6.5
6.5
2022-07-18 CVE-2015-8031 XXE vulnerability in Eclipse Hudson
Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks.
network
low complexity
eclipse CWE-611
critical
 9.8
9.8
2022-07-18 CVE-2022-35741 XXE vulnerability in Apache Cloudstack
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection.
network
low complexity
apache CWE-611
critical
 9.8
9.8
2022-07-07 CVE-2021-41042 XXE vulnerability in Eclipse LYO 1.0.0/4.1.0
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML.
network
low complexity
eclipse CWE-611
5.3
5.3
2022-06-30 CVE-2022-34793 XXE vulnerability in Jenkins Recipe 1.0/1.1/1.2
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
8.8
8.8
2022-06-24 CVE-2022-23170 XXE vulnerability in Sysaid Okta SSO 22.1.49/22.1.63
SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability.
network
low complexity
sysaid CWE-611
critical
 9.8
9.8
2022-06-21 CVE-2021-40510 XXE vulnerability in Obdasystems Mastro 1.0
XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files via custom DTDs.
network
low complexity
obdasystems CWE-611
7.5
7.5
2022-06-17 CVE-2021-45024 XXE vulnerability in Rocketsoftware Ags-Zena 4.2.1
ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE).
network
low complexity
rocketsoftware CWE-611
critical
 9.8
9.8