Vulnerabilities: Improper Restriction of XML External Entity Reference ('XXE')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Severity | Risk score |
|---|---|---|---|---|---|---|---|---|---|
| 2022-07-07 | CVE-2021-41042 | XXE vulnerability in Eclipse LYO 1.0.0/4.1.0 | In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. | network | low | eclipse | CWE-611 | | 5.3 |
| 2022-06-30 | CVE-2022-34793 | XXE vulnerability in Jenkins Recipe 1.0/1.1/1.2 | Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | network | low | jenkins | CWE-611 | | 8.8 |
| 2022-06-24 | CVE-2022-23170 | XXE vulnerability in Sysaid Okta SSO 22.1.49/22.1.63 | SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. | network | low | sysaid | CWE-611 | critical | 9.8 |
| 2022-06-21 | CVE-2021-40510 | XXE vulnerability in Obdasystems Mastro 1.0 | XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files via custom DTDs. | network | low | obdasystems | CWE-611 | | 7.5 |
| 2022-06-17 | CVE-2021-45024 | XXE vulnerability in Rocketsoftware Ags-Zena 4.2.1 | ASG technologies (A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE). | network | low | rocketsoftware | CWE-611 | critical | 9.8 |
| 2022-06-16 | CVE-2021-41411 | XXE vulnerability in Redhat Drools 6.1.0 | drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. | network | low | redhat | CWE-611 | critical | 9.8 |
| 2022-06-14 | CVE-2022-32285 | XXE vulnerability in Mendix Saml | A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). | network | low | mendix | CWE-611 | | 7.5 |
| 2022-06-14 | CVE-2022-31447 | XXE vulnerability in Magicpin 3.4 | An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file. | network | low | magicpin | CWE-611 | | 7.5 |
| 2022-06-02 | CVE-2021-45981 | XXE vulnerability in Netscout Ngeniusone 6.3.2 | NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. | network | low | netscout | CWE-611 | critical | 9.8 |
| 2022-05-24 | CVE-2022-22977 | XXE vulnerability in VMWare Tools | VMware Tools for Windows (12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. | local | low | vmware | CWE-611 | | 7.1 |