Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-11 | CVE-2020-8540 | XXE vulnerability in Zohocorp Manageengine Desktop Central An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 7.5 |
| 2020-03-10 | CVE-2020-6202 | XXE vulnerability in SAP Netweaver Application Server Java SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation. | 6.5 |
| 2020-03-10 | CVE-2020-9044 | XXE vulnerability in Johnsoncontrols products XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. | 6.4 |
| 2020-03-09 | CVE-2020-2144 | XXE vulnerability in Jenkins Rundeck Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
| 2020-03-09 | CVE-2020-2138 | XXE vulnerability in Jenkins Cobertura Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
| 2020-03-09 | CVE-2015-7968 | XXE vulnerability in SAP Netweaver Application Server nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI. | 4.0 |
| 2020-02-23 | CVE-2020-9352 | XXE vulnerability in Smartclient 12.0 An issue was discovered in SmartClient 12.0. | 9.8 |
| 2020-02-17 | CVE-2020-1693 | XXE vulnerability in Redhat Spacewalk 1.6/2.6/2.9 A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. | 9.8 |
| 2020-02-14 | CVE-2019-6194 | XXE vulnerability in Lenovo Xclarity Administrator An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. | 4.3 |
| 2020-02-12 | CVE-2020-1975 | XXE vulnerability in Paloaltonetworks Pan-Os Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. | 6.5 |