Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2021-05-11 CVE-2021-30006 XXE vulnerability in Jetbrains Intellij Idea
In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure.
network
low complexity
jetbrains CWE-611
7.5
7.5
2021-05-07 CVE-2020-36124 XXE vulnerability in Paxtechnology Paxstore 7.0.820200511171508
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection.
network
low complexity
paxtechnology CWE-611
6.5
6.5
2021-05-06 CVE-2021-1530 XXE vulnerability in Cisco Broadworks Messaging Server 22.0
A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system.
network
low complexity
cisco CWE-611
7.1
7.1
2021-05-05 CVE-2020-5013 XXE vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3 and 7.4 may vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.1
8.1
2021-04-29 CVE-2021-29140 XXE vulnerability in Arubanetworks Clearpass
A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1.
network
low complexity
arubanetworks CWE-611
8.2
8.2
2021-04-29 CVE-2021-25163 XXE vulnerability in Arubanetworks Airwave
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1.
network
low complexity
arubanetworks CWE-611
8.1
8.1
2021-04-28 CVE-2020-7037 XXE vulnerability in Avaya Equinox Conferencing 9.0.0/9.1.10/9.1.9
An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service.
network
low complexity
avaya CWE-611
8.1
8.1
2021-04-28 CVE-2021-25165 XXE vulnerability in Arubanetworks Airwave
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1.
network
low complexity
arubanetworks CWE-611
8.1
8.1
2021-04-28 CVE-2021-25164 XXE vulnerability in Arubanetworks Airwave
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1.
network
low complexity
arubanetworks CWE-611
6.5
6.5
2021-04-23 CVE-2020-7036 XXE vulnerability in Avaya Callback Assist 4.7.1.1
An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system.
network
low complexity
avaya CWE-611
6.5
6.5