Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-21 | CVE-2019-8997 | XXE vulnerability in Blackberry Athoc An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field. | 5.9 |
| 2019-03-14 | CVE-2019-9761 | XXE vulnerability in PHPshe 1.7 An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. | 7.5 |
| 2019-03-12 | CVE-2019-5918 | XXE vulnerability in Nablarch Project Nablarch 5/5U1/5U13 Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | 9.1 |
| 2019-03-12 | CVE-2019-0277 | XXE vulnerability in SAP Hana Extended Application Services 1.0 SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability). | 6.5 |
| 2019-03-11 | CVE-2019-9658 | XXE vulnerability in multiple products Checkstyle before 8.18 loads external DTDs by default. | 5.3 |
| 2019-02-21 | CVE-2019-1698 | XXE vulnerability in Cisco IOT Field Network Director A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. | 4.9 |
| 2019-02-15 | CVE-2018-1727 | XXE vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2019-02-15 | CVE-2019-0265 | XXE vulnerability in SAP products SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 4.9 |
| 2019-02-11 | CVE-2019-7722 | XXE vulnerability in PMD Project PMD PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. | 8.1 |
| 2019-02-06 | CVE-2019-1003015 | XXE vulnerability in Jenkins JOB Import An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service attack, etc. | 9.1 |