Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-04-23 | CVE-2020-7035 | XXE vulnerability in Avaya Aura Orchestration Designer | An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. | 6.5 |
2021-04-22 | CVE-2021-27736 | XXE vulnerability in Fusionauth Saml V2 | FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely. | 6.5 |
2021-04-21 | CVE-2021-21642 | XXE vulnerability in Jenkins Config File Provider | Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 |
2021-04-21 | CVE-2021-20454 | XXE vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2021-04-20 | CVE-2021-20453 | XXE vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2021-04-14 | CVE-2021-27604 | XXE vulnerability in SAP Netweaver Process Integration | In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends referring to this note. | 6.5 |
2021-04-13 | CVE-2021-28973 | XXE vulnerability in Perforce Helix ALM 2020.3.1 | The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks. | 4.9 |
2021-04-08 | CVE-2020-6590 | XXE vulnerability in Forcepoint products | Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. | 7.5 |
2021-04-06 | CVE-2021-22158 | XXE vulnerability in Proofpoint Insider Threat Management | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. | 7.2 |
2021-04-01 | CVE-2021-29421 | XXE vulnerability in multiple products | models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. | 7.5 |