Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-29 | CVE-2020-25020 | XXE vulnerability in multiple products MPXJ through 8.1.3 allows XXE attacks. | 9.8 |
| 2020-08-26 | CVE-2020-17376 | XXE vulnerability in Openstack Nova An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. | 8.3 |
| 2020-08-26 | CVE-2020-24656 | XXE vulnerability in Maltego Maltego before 4.2.12 allows XXE attacks. | 6.5 |
| 2020-08-21 | CVE-2020-24591 | XXE vulnerability in Wso2 products The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. | 6.5 |
| 2020-08-21 | CVE-2020-24589 | XXE vulnerability in Wso2 API Manager and API Microgateway The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. | 9.1 |
| 2020-08-21 | CVE-2020-24052 | XXE vulnerability in Moog Exvf5C-2 Firmware and Exvp7C2-3 Firmware Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request. | 9.1 |
| 2020-08-05 | CVE-2020-4481 | XXE vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2020-08-03 | CVE-2020-4377 | XXE vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2020-07-29 | CVE-2020-4463 | XXE vulnerability in IBM Maximo Asset Management 7.6.0.1/7.6.0.2 IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2020-07-28 | CVE-2020-15419 | XXE vulnerability in Veeam ONE Firmware 10.0.0.0 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. | 7.5 |