Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-15 | CVE-2018-20157 | XXE vulnerability in Openrefine The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files. | 7.5 |
| 2018-12-13 | CVE-2018-1821 | XXE vulnerability in IBM Operational Decision Manager IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2018-12-11 | CVE-2018-2492 | XXE vulnerability in SAP Netweaver Application Server Java SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. | 7.1 |
| 2018-12-11 | CVE-2018-20059 | XXE vulnerability in Pippo 1.11.0 jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. | 9.8 |
| 2018-12-10 | CVE-2018-15805 | XXE vulnerability in Accusoft Prizmdoc Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption). | 9.1 |
| 2018-12-10 | CVE-2018-20000 | XXE vulnerability in Apereo Bw-Webdav Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java. | 7.5 |
| 2018-12-07 | CVE-2018-7063 | XXE vulnerability in Arubanetworks Clearpass Policy Manager In Aruba ClearPass, disabled API admins can still perform read/write operations. | 8.1 |
| 2018-12-07 | CVE-2018-1920 | XXE vulnerability in IBM Marketing Platform 10.1/9.1.0/9.1.2 IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-12-07 | CVE-2018-1424 | XXE vulnerability in IBM Marketing Platform 10.1/9.1.0/9.1.2 IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-12-07 | CVE-2018-15362 | XXE vulnerability in GE Cimplicity 10.0/9.0R2/9.5 XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 | 9.1 |