Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-26 | CVE-2019-4513 | XXE vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2019-08-21 | CVE-2019-14258 | XXE vulnerability in Zenoss 2.5.3 The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988. | 5.0 |
2019-08-20 | CVE-2019-4424 | XXE vulnerability in IBM Business Process Manager IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2019-08-20 | CVE-2019-4340 | XXE vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2019-08-20 | CVE-2019-4433 | XXE vulnerability in IBM products IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2019-08-20 | CVE-2019-4419 | XXE vulnerability in IBM products IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2019-08-19 | CVE-2019-15160 | XXE vulnerability in Kbrw Sweet XML The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD. | 5.0 |
2019-08-14 | CVE-2019-1187 | XXE vulnerability in Microsoft products A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. | 5.5 |
2019-08-14 | CVE-2019-1057 | XXE vulnerability in Microsoft products A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. | 7.5 |
2019-08-14 | CVE-2019-0340 | XXE vulnerability in SAP Enable NOW The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. | 5.5 |