Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-18 | CVE-2019-3772 | XXE vulnerability in multiple products Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | 9.8 |
| 2019-01-18 | CVE-2018-20233 | XXE vulnerability in Atlassian Universal Plugin Manager The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR. | 6.5 |
| 2019-01-18 | CVE-2018-2019 | XXE vulnerability in IBM Security Identity Manager IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2019-01-17 | CVE-2018-20733 | XXE vulnerability in SAS web Infrastructure Platform 9.4 BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | 7.5 |
| 2019-01-16 | CVE-2015-9280 | XXE vulnerability in Mailenable MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. | 10.0 |
| 2019-01-09 | CVE-2018-16166 | XXE vulnerability in Jpcert Logontracer LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | 8.8 |
| 2019-01-09 | CVE-2019-5748 | XXE vulnerability in Traccar Server 4.2 In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. | 9.8 |
| 2019-01-07 | CVE-2018-11788 | XXE vulnerability in Apache Karaf Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. | 9.8 |
| 2019-01-04 | CVE-2019-5312 | XXE vulnerability in Wxjava Project Wxjava 3.3.0 An issue was discovered in weixin-java-tools v3.3.0. | 9.8 |
| 2019-01-03 | CVE-2018-20664 | XXE vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7 Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | 9.8 |