Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-21 | CVE-2021-28684 | XXE vulnerability in PowerArchiver: The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack). | 4.3 |
2021-06-16 | CVE-2021-33813 | XXE vulnerability in multiple products: An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | 7.5 |
2021-06-11 | CVE-2020-5003 | XXE vulnerability in IBM Financial Transaction Manager 3.2.4: IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2021-06-09 | CVE-2021-27635 | XXE vulnerability in SAP NetWeaver Application Server for Java: SAP NetWeaver AS for JAVA, versions 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML validation. This vulnerability enables an attacker to fully compromise confidentiality by allowing them to read any file on the filesystem, or to fully compromise availability by causing the system to crash. | 6.5 |
2021-06-08 | CVE-2020-25817 | XXE vulnerability in SilverStripe: SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. | 4.8 |
2021-06-01 | CVE-2019-4730 | XXE vulnerability in multiple products: IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
2021-06-01 | CVE-2020-4300 | XXE vulnerability in multiple products: IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2021-05-26 | CVE-2021-20492 | XXE vulnerability in IBM WebSphere Application Server: IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2021-05-13 | CVE-2021-22140 | XXE vulnerability in Elastic App Search 7.11.0/7.11.1: Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. | 7.5 |
2021-05-13 | CVE-2021-32925 | XXE vulnerability in Chamilo: admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities. | 6.5 |