Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-13 | CVE-2018-19244 | XXE vulnerability in Charlesproxy Charles 4.2.7 An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. | 5.0 |
| 2018-11-08 | CVE-2018-15444 | XXE vulnerability in Cisco Energy Management Suite Software A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. | 4.9 |
| 2018-11-06 | CVE-2018-17186 | XXE vulnerability in Apache Syncope An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. | 6.5 |
| 2018-11-06 | CVE-2018-18980 | XXE vulnerability in Zohocorp products An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. | 5.0 |
| 2018-11-02 | CVE-2018-1846 | XXE vulnerability in IBM Rational Engineering Lifecycle Manager IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2018-11-02 | CVE-2018-1835 | XXE vulnerability in IBM Daeja Viewone 5.0 IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2018-11-02 | CVE-2018-17912 | XXE vulnerability in Sauter-Controls Case Suite 3.10 An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. | 5.0 |
| 2018-10-29 | CVE-2018-18737 | XXE vulnerability in Douchat 4.0.4 An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. | 5.0 |
| 2018-10-26 | CVE-2018-18659 | XXE vulnerability in Arcserve UDP 6.0/6.5 An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. | 5.0 |
| 2018-10-15 | CVE-2018-1747 | XXE vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |