Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-26 | CVE-2020-24656 | XXE vulnerability in Maltego. Maltego before 4.2.12 allows XXE attacks. (network, low complexity, maltego, CWE-611) | 6.5 |
| 2020-08-21 | CVE-2020-24591 | XXE vulnerability in WSO2 products. The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. (network, low complexity, wso2, CWE-611) | 6.5 |
| 2020-08-21 | CVE-2020-24589 | XXE vulnerability in WSO2 API Manager and API Microgateway. The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. (network, low complexity, wso2, CWE-611) | critical 9.1 |
| 2020-08-21 | CVE-2020-24052 | XXE vulnerability in Moog EXVF5C-2 Firmware and EXVP7C2-3 Firmware. Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request. (network, low complexity, moog, CWE-611) | critical 9.1 |
| 2020-08-05 | CVE-2020-4481 | XXE vulnerability in IBM UrbanCode Deploy. IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. (network, low complexity, ibm, CWE-611) | 8.2 |
| 2020-08-03 | CVE-2020-4377 | XXE vulnerability in IBM Cognos Analytics 11.0.0/11.1.0. IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. (network, low complexity, ibm, CWE-611) | critical 9.1 |
| 2020-07-29 | CVE-2020-4463 | XXE vulnerability in IBM Maximo Asset Management 7.6.0.1/7.6.0.2. IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. (network, low complexity, ibm, CWE-611) | 8.2 |
| 2020-07-16 | CVE-2020-3405 | XXE vulnerability in Cisco SD-WAN Firmware. A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. (network, low complexity, cisco, CWE-611) | 7.3 |
| 2020-07-16 | CVE-2020-4462 | XXE vulnerability in IBM products. IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. (network, low complexity, ibm, CWE-611) | 8.2 |
| 2020-07-15 | CVE-2020-12684 | XXE vulnerability in Inetsoftware i-net Clear Reports 19.0.287. XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser. (network, low complexity, inetsoftware, CWE-611) | critical 9.8 |