Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-13 | CVE-2021-20801 | XXE vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9 Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. | 6.5 |
| 2021-10-12 | CVE-2021-35496 | XXE vulnerability in Tibco Jasperreports Server The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. | 7.5 |
| 2021-10-12 | CVE-2021-40500 | XXE vulnerability in SAP Businessobjects Business Intelligence Platform 4.20/4.30 SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. | 7.5 |
| 2021-10-08 | CVE-2021-3312 | XXE vulnerability in Alkacon Opencms 11.0/11.0.1/11.0.2 An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document. | 6.5 |
| 2021-10-07 | CVE-2021-38298 | XXE vulnerability in Zohocorp Manageengine Admanager Plus Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. | 9.8 |
| 2021-10-07 | CVE-2021-40439 | XXE vulnerability in Apache Openoffice Apache OpenOffice has a dependency on expat software. | 6.5 |
| 2021-10-07 | CVE-2021-41770 | XXE vulnerability in Pingidentity Pingfederate Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. | 7.5 |
| 2021-10-06 | CVE-2021-34706 | XXE vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. | 5.4 |
| 2021-09-30 | CVE-2021-35201 | XXE vulnerability in Netscout Ngeniusone 6.3.0 NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks. | 6.5 |
| 2021-09-27 | CVE-2021-41098 | XXE vulnerability in Nokogiri Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. | 7.5 |