Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2018-12-05 CVE-2018-16792 XXE vulnerability in Solarwinds Sftp/Scp Server 20180910
SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.
network
low complexity
solarwinds CWE-611
critical
9.1
2018-12-05 CVE-2018-1730 XXE vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-11-26 CVE-2018-1905 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-11-13 CVE-2018-19244 XXE vulnerability in Charlesproxy Charles 4.2.7
An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option.
network
low complexity
charlesproxy CWE-611
8.6
2018-11-08 CVE-2018-15444 XXE vulnerability in Cisco Energy Management Suite Software
A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system.
network
low complexity
cisco CWE-611
7.3
2018-11-06 CVE-2018-17186 XXE vulnerability in Apache Syncope
An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.
network
low complexity
apache CWE-611
7.2
2018-11-06 CVE-2018-18980 XXE vulnerability in Zohocorp Manageengine Network Configuration Manager
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request.
network
low complexity
zohocorp CWE-611
7.5
2018-11-02 CVE-2018-1846 XXE vulnerability in IBM Rational Engineering Lifecycle Manager
IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-11-02 CVE-2018-1835 XXE vulnerability in IBM Daeja Viewone 5.0
IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-11-02 CVE-2018-17912 XXE vulnerability in Sauter-Controls Case Suite 3.10
An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure.
network
low complexity
sauter-controls CWE-611
7.5