Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-05-27 | CVE-2021-27492 | XXE vulnerability in multiple products | When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. | 5.5 |
2021-05-26 | CVE-2021-20492 | XXE vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2021-05-13 | CVE-2021-22140 | XXE vulnerability in Elastic APP Search 7.11.0/7.11.1 | Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. | 7.5 |
2021-05-13 | CVE-2021-32925 | XXE vulnerability in Chamilo | admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities. | 6.5 |
2021-05-11 | CVE-2021-30006 | XXE vulnerability in Jetbrains Intellij Idea | In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure. | 7.5 |
2021-05-07 | CVE-2020-36124 | XXE vulnerability in Paxtechnology Paxstore 7.0.820200511171508 | Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection. | 6.5 |
2021-05-06 | CVE-2021-1530 | XXE vulnerability in Cisco Broadworks Messaging Server 22.0 | A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. | 7.1 |
2021-05-05 | CVE-2020-5013 | XXE vulnerability in IBM Qradar Security Information and Event Manager | IBM QRadar SIEM 7.3 and 7.4 may be vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
2021-04-29 | CVE-2021-1369 | XXE vulnerability in Cisco Firepower Device Manager | A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. | 5.4 |
2021-04-29 | CVE-2021-29140 | XXE vulnerability in Arubanetworks Clearpass | A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. | 8.2 |