Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-18 | CVE-2012-2656 | XXE vulnerability in Talend Restlet 1.1.10 An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information. | 5.0 |
| 2019-12-17 | CVE-2019-16549 | XXE vulnerability in Jenkins Maven 0.14.0/0.16.1 Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents. | 8.1 |
| 2019-12-15 | CVE-2014-3643 | XXE vulnerability in Jersey Project Jersey jersey: XXE via parameter entities not disabled by the jersey SAX parser | 5.0 |
| 2019-12-04 | CVE-2019-17554 | XXE vulnerability in Apache Olingo The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. | 5.5 |
| 2019-11-26 | CVE-2011-3600 | XXE vulnerability in Apache Ofbiz The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. | 7.5 |
| 2019-11-19 | CVE-2019-10080 | XXE vulnerability in Apache Nifi The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. | 6.5 |
| 2019-11-18 | CVE-2019-17085 | XXE vulnerability in Microfocus Operations Agent XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. | 6.5 |
| 2019-11-18 | CVE-2018-20687 | XXE vulnerability in Raritan Commandcenter Secure Gateway An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 7.5 |
| 2019-11-18 | CVE-2019-10172 | XXE vulnerability in multiple products A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. | 7.5 |
| 2019-11-14 | CVE-2019-14678 | XXE vulnerability in SAS Base SAS and XML Mapper SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. | 7.5 |