Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-14 | CVE-2019-0340 | XXE vulnerability in SAP Enable NOW 10 The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. | 5.4 |
| 2019-08-08 | CVE-2019-14693 | XXE vulnerability in Zohocorp Manageengine Assetexplorer 6.2.0 Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. | 8.1 |
| 2019-08-08 | CVE-2019-13176 | XXE vulnerability in 3CX 12.5/12.5.44178.1002 An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. | 7.5 |
| 2019-08-07 | CVE-2018-14383 | XXE vulnerability in Ttpsc the Scheduler 5.1.3 The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. | 7.5 |
| 2019-08-02 | CVE-2017-18438 | XXE vulnerability in Cpanel cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). | 6.3 |
| 2019-07-30 | CVE-2019-4456 | XXE vulnerability in IBM Daeja Viewone IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2019-07-30 | CVE-2019-4062 | XXE vulnerability in IBM I2 Intelligent Analysis Platform IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2019-07-26 | CVE-2019-10266 | XXE vulnerability in Ahsay Cloud Backup Suite An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. | 7.5 |
| 2019-07-26 | CVE-2019-10264 | XXE vulnerability in Ahsay Cloud Backup Suite An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. | 7.2 |
| 2019-07-26 | CVE-2019-13990 | XXE vulnerability in multiple products initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | 9.8 |