Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-05 | CVE-2022-25312 | XXE vulnerability in Apache Any23 An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. | 9.1 |
| 2022-02-25 | CVE-2022-24340 | XXE vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. | 9.8 |
| 2022-02-24 | CVE-2020-14478 | XXE vulnerability in Rockwellautomation Factorytalk Services Platform A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. | 7.1 |
| 2022-02-15 | CVE-2022-25209 | XXE vulnerability in Jenkins Chef Sinatra Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
| 2022-02-11 | CVE-2021-46365 | XXE vulnerability in Magnolia-Cms Magnolia CMS An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file. | 7.8 |
| 2022-02-09 | CVE-2022-21205 | XXE vulnerability in Intel Quartus Prime Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access. | 7.5 |
| 2022-02-09 | CVE-2022-21220 | XXE vulnerability in Intel Quartus Prime Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2022-01-30 | CVE-2021-46660 | XXE vulnerability in Signiant Manager+Agents Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks. | 9.8 |
| 2022-01-25 | CVE-2022-23031 | XXE vulnerability in F5 Big-Ip Application Security Manager On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity (XXE) vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall (Advanced WAF) and BIG-IP ASM Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that allows an authenticated high-privileged attacker to read local files and force BIG-IP to send HTTP requests. | 4.9 |
| 2022-01-21 | CVE-2020-4875 | XXE vulnerability in IBM Cognos Controller 10.4.0/10.4.1/10.4.2 IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |