Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2021-04-29 CVE-2021-29140 XXE vulnerability in Arubanetworks Clearpass
A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1.
network
low complexity
arubanetworks CWE-611
6.4
2021-04-29 CVE-2021-25163 XXE vulnerability in Arubanetworks Airwave
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1.
network
low complexity
arubanetworks CWE-611
5.5
2021-04-28 CVE-2020-7037 XXE vulnerability in Avaya Equinox Conferencing 9.0.0/9.1.10/9.1.9
An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service.
network
low complexity
avaya CWE-611
5.5
2021-04-28 CVE-2021-25165 XXE vulnerability in Arubanetworks Airwave
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1.
network
low complexity
arubanetworks CWE-611
5.5
2021-04-28 CVE-2021-25164 XXE vulnerability in Arubanetworks Airwave
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1.
network
low complexity
arubanetworks CWE-611
5.5
2021-04-23 CVE-2020-7036 XXE vulnerability in Avaya Callback Assist 4.7.1.1
An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system.
network
low complexity
avaya CWE-611
4.0
2021-04-23 CVE-2020-7035 XXE vulnerability in Avaya Aura Orchestration Designer
An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system.
network
low complexity
avaya CWE-611
4.0
2021-04-22 CVE-2021-27736 XXE vulnerability in Fusionauth Saml V2
FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.
network
low complexity
fusionauth CWE-611
4.0
2021-04-21 CVE-2021-21642 XXE vulnerability in Jenkins Config File Provider
Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
8.1
2021-04-21 CVE-2021-20454 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
6.4