Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-07 | CVE-2021-40439 | XXE vulnerability in Apache Openoffice Apache OpenOffice has a dependency on expat software. | 6.5 |
| 2021-10-07 | CVE-2021-41770 | XXE vulnerability in Pingidentity Pingfederate Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. | 7.5 |
| 2021-10-06 | CVE-2021-34706 | XXE vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. | 5.4 |
| 2021-09-30 | CVE-2021-35201 | XXE vulnerability in Netscout Ngeniusone 6.3.0 NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks. | 4.3 |
| 2021-09-27 | CVE-2021-41098 | XXE vulnerability in Nokogiri Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. | 5.0 |
| 2021-09-21 | CVE-2021-29831 | XXE vulnerability in IBM products IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2021-09-16 | CVE-2021-39239 | XXE vulnerability in Apache Jena A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server. | 7.5 |
| 2021-09-15 | CVE-2021-30137 | XXE vulnerability in Axiossystems Assyst 10 Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. | 6.4 |
| 2021-09-14 | CVE-2021-40356 | XXE vulnerability in Siemens Teamcenter Visualization A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). | 5.0 |
| 2021-09-11 | CVE-2021-38555 | XXE vulnerability in Apache Any23 An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. | 6.4 |