Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-11 | CVE-2019-12154 | XXE vulnerability in Realobjects Pdfreactor XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions. | 9.1 |
| 2019-06-11 | CVE-2019-10337 | XXE vulnerability in Jenkins Token Macro An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control a the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. | 7.5 |
| 2019-06-06 | CVE-2019-3722 | XXE vulnerability in Dell EMC Openmanage Server Administrator Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. | 7.5 |
| 2019-05-31 | CVE-2019-10327 | XXE vulnerability in Jenkins Pipeline Maven Integration An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks. | 8.1 |
| 2019-05-29 | CVE-2019-9670 | XXE vulnerability in Synacor Zimbra Collaboration Suite mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml. | 9.8 |
| 2019-05-29 | CVE-2018-20160 | XXE vulnerability in Synacor Zimbra Collaboration Suite ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd. | 9.8 |
| 2019-05-28 | CVE-2019-0188 | XXE vulnerability in multiple products Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. | 7.5 |
| 2019-05-14 | CVE-2018-8940 | XXE vulnerability in Enghouse Contact Center: Service Provider 7.2.5 ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing an attacker to upload a malicious XML file and reference it in the URL of the application, forcing the application to load and parse the malicious XML file, aka an XXE issue. | 9.8 |
| 2019-05-08 | CVE-2019-7442 | XXE vulnerability in Cyberark Enterprise Password Vault 10.6/10.7 An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system. | 9.8 |
| 2019-05-07 | CVE-2019-4208 | XXE vulnerability in IBM Tririga Application Platform 3.5.3.0/3.6.0.0 IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |