Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-15 | CVE-2021-29447 | XXE vulnerability in multiple products Wordpress is an open source CMS. | 6.5 |
| 2021-04-14 | CVE-2021-27604 | XXE vulnerability in SAP Netweaver Process Integration In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note. | 6.5 |
| 2021-04-13 | CVE-2021-28973 | XXE vulnerability in Perforce Helix ALM 2020.3.1 The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks. | 4.9 |
| 2021-04-08 | CVE-2020-6590 | XXE vulnerability in Forcepoint products Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. | 7.5 |
| 2021-04-06 | CVE-2021-22158 | XXE vulnerability in Proofpoint Insider Threat Management The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. | 7.2 |
| 2021-04-01 | CVE-2021-29421 | XXE vulnerability in multiple products models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. | 7.5 |
| 2021-03-30 | CVE-2021-20502 | XXE vulnerability in IBM products IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2021-03-30 | CVE-2021-20482 | XXE vulnerability in IBM Cloud PAK for Automation 20.0.2/20.0.3 IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2021-03-26 | CVE-2021-1628 | XXE vulnerability in Salesforce Mule MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. | 9.8 |
| 2021-03-19 | CVE-2021-28110 | XXE vulnerability in Compassplus Tranzware E-Commerce Payment Gateway /exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. | 7.5 |