Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-11 | CVE-2018-2492 | XXE vulnerability in SAP Netweaver Application Server Java SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. | 7.1 |
| 2018-12-11 | CVE-2018-20059 | XXE vulnerability in Pippo 1.11.0 jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. | 9.8 |
| 2018-12-10 | CVE-2018-15805 | XXE vulnerability in Accusoft Prizmdoc Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption). | 9.1 |
| 2018-12-10 | CVE-2018-20000 | XXE vulnerability in Apereo Bw-Webdav Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java. | 7.5 |
| 2018-12-07 | CVE-2018-7063 | XXE vulnerability in Arubanetworks Clearpass Policy Manager In Aruba ClearPass, disabled API admins can still perform read/write operations. | 8.1 |
| 2018-12-07 | CVE-2018-1920 | XXE vulnerability in IBM Marketing Platform 10.1/9.1.0/9.1.2 IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-12-07 | CVE-2018-1424 | XXE vulnerability in IBM Marketing Platform 10.1/9.1.0/9.1.2 IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-12-07 | CVE-2018-15362 | XXE vulnerability in GE Cimplicity 10.0/9.0R2/9.5 XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 | 9.1 |
| 2018-12-05 | CVE-2018-16792 | XXE vulnerability in Solarwinds Sftp/Scp Server 20180910 SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data. | 9.1 |
| 2018-12-05 | CVE-2018-1730 | XXE vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |