Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2021-03-30 CVE-2021-20502 XXE vulnerability in IBM products
IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2021-03-30 CVE-2021-20482 XXE vulnerability in IBM Cloud Pak for Automation 20.0.2/20.0.3
IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2021-03-26 CVE-2021-1628 XXE vulnerability in Salesforce Mule
MuleSoft is aware of an XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers.
network
low complexity
salesforce CWE-611
critical
9.8
2021-03-19 CVE-2021-28110 XXE vulnerability in Compassplus Tranzware E-Commerce Payment Gateway
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser.
network
low complexity
compassplus CWE-611
7.5
2021-03-05 CVE-2021-26969 XXE vulnerability in Arubanetworks Airwave
A remote authenticated XML external entity (XXE) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0.
network
low complexity
arubanetworks CWE-611
6.5
2021-03-03 CVE-2021-27931 XXE vulnerability in Lumis Experience Platform
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp.
network
low complexity
lumis CWE-611
critical
9.1
2021-03-01 CVE-2021-26703 XXE vulnerability in Eprints 3.4.2
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI.
network
low complexity
eprints CWE-611
critical
9.8
2021-03-01 CVE-2021-21517 XXE vulnerability in Dell EMC SRS Policy Manager 6.6/6.8.3/6.9.0
SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation.
network
low complexity
dell CWE-611
7.2
2021-02-26 CVE-2019-18943 XXE vulnerability in Microfocus Solutions Business Manager
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
low complexity
microfocus CWE-611
8.0
2021-02-11 CVE-2021-27184 XXE vulnerability in Pelco Digital Sentry Server 7.18.72.11464
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack.
network
low complexity
pelco CWE-611
7.5