Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-29 | CVE-2019-13608 | XXE vulnerability in Citrix Storefront Server Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. | 7.5 |
| 2019-08-26 | CVE-2019-15641 | XXE vulnerability in Webmin xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. | 6.5 |
| 2019-08-26 | CVE-2019-15637 | XXE vulnerability in Tableau products Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. | 8.1 |
| 2019-08-26 | CVE-2019-4513 | XXE vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2019-08-21 | CVE-2019-14258 | XXE vulnerability in Zenoss 2.5.3 The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988. | 7.5 |
| 2019-08-20 | CVE-2019-4424 | XXE vulnerability in IBM Business Process Manager IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2019-08-20 | CVE-2019-4340 | XXE vulnerability in IBM Security Guardium BIG Data Intelligence 4.0 IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2019-08-20 | CVE-2019-4433 | XXE vulnerability in IBM products IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2019-08-20 | CVE-2019-4419 | XXE vulnerability in IBM products IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2019-08-14 | CVE-2019-0340 | XXE vulnerability in SAP Enable NOW 10 The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. | 5.4 |