Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR / COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2020-02-12 | CVE-2020-2120 | XXE vulnerability in Jenkins FitNesse | Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | network / low complexity | jenkins | CWE-611 | 8.8 |
| 2020-02-12 | CVE-2020-2115 | XXE vulnerability in Jenkins NUnit | Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | network / low complexity | jenkins | CWE-611 | 8.8 |
| 2020-02-11 | CVE-2014-2052 | XXE vulnerability in ownCloud | Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | network / low complexity | owncloud | CWE-611 | critical 9.8 |
| 2020-02-07 | CVE-2013-4334 | XXE vulnerability in Tejimaya opWebAPIPlugin 0.1.0/0.4.0/0.5.1 | opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities | network / low complexity | tejimaya | CWE-611 | critical 9.8 |
| 2020-01-30 | CVE-2019-10782 | XXE vulnerability in Checkstyle | All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658. | network / low complexity | checkstyle | CWE-611 | 5.3 |
| 2020-01-29 | CVE-2020-2108 | XXE vulnerability in Jenkins WebSphere Deployer | Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. | network / low complexity | jenkins | CWE-611 | 7.6 |
| 2020-01-28 | CVE-2019-4707 | XXE vulnerability in IBM Security Access Manager 9.0.7.0 | IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network / low complexity | ibm | CWE-611 | 7.1 |
| 2020-01-24 | CVE-2013-4333 | XXE vulnerability in Tejimaya OpenPNE | OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 have an External Entity Injection Vulnerability. | network / low complexity | tejimaya | CWE-611 | critical 9.1 |
| 2020-01-15 | CVE-2015-1811 | XXE vulnerability in Jenkins CloudBees 1.596.1 | XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. | network / low complexity | jenkins | CWE-611 | 7.5 |
| 2020-01-15 | CVE-2015-1809 | XXE vulnerability in Jenkins CloudBees 1.596.1 | XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query. | network / low complexity | jenkins | CWE-611 | 7.5 |