Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-25 | CVE-2019-3481 | XXE vulnerability in HP Arcsight Logger: Mitigates an XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. | 7.1 |
2019-03-25 | CVE-2017-9362 | XXE vulnerability in Zohocorp Manageengine Servicedesk Plus: ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. | 8.8 |
2019-03-21 | CVE-2019-8997 | XXE vulnerability in Blackberry Athoc: An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field. | 5.9 |
2019-03-14 | CVE-2019-9761 | XXE vulnerability in PHPshe 1.7: An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. | 7.5 |
2019-03-12 | CVE-2019-5918 | XXE vulnerability in Nablarch Project Nablarch 5/5U1/5U13: Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | 9.1 |
2019-03-12 | CVE-2019-0277 | XXE vulnerability in SAP Hana Extended Application Services 1.0: SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability). | 6.5 |
2019-03-11 | CVE-2019-9658 | XXE vulnerability in multiple products: Checkstyle before 8.18 loads external DTDs by default. | 5.3 |
2019-02-21 | CVE-2019-1698 | XXE vulnerability in Cisco IOT Field Network Director: A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. | 4.9 |
2019-02-15 | CVE-2018-1727 | XXE vulnerability in IBM Infosphere Information Server: IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2019-02-15 | CVE-2019-0265 | XXE vulnerability in SAP products: SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 4.9 |