Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-01 | CVE-2021-21517 | XXE vulnerability in Dell EMC SRS Policy Manager 6.6/6.8.3/6.9.0 SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. | 7.2 |
| 2021-02-26 | CVE-2019-18943 | XXE vulnerability in Microfocus Solutions Business Manager Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations. | 8.0 |
| 2021-02-11 | CVE-2021-27184 | XXE vulnerability in Pelco Digital Sentry Server 7.18.72.11464 Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. | 7.5 |
| 2021-02-10 | CVE-2021-20353 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2021-01-26 | CVE-2020-4949 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2021-01-25 | CVE-2021-23901 | XXE vulnerability in multiple products An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. | 9.1 |
| 2021-01-20 | CVE-2020-27858 | XXE vulnerability in Arcserve D2D 16.5 This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. | 7.5 |
| 2021-01-19 | CVE-2021-22498 | XXE vulnerability in Microfocus Application Lifecycle Management XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. | 8.1 |
| 2021-01-13 | CVE-2021-23899 | XXE vulnerability in Owasp Json-Sanitizer OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. | 9.8 |
| 2021-01-12 | CVE-2020-26981 | XXE vulnerability in Siemens Jt2Go and Teamcenter Visualization A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). | 6.5 |