Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2018-11-26 | CVE-2018-1905 | XXE vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network, low complexity, ibm, CWE-611, 7.1 |
| 2018-11-13 | CVE-2018-19244 | XXE vulnerability in Charlesproxy Charles 4.2.7 | An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. | network, low complexity, charlesproxy, CWE-611, 8.6 |
| 2018-11-08 | CVE-2018-15444 | XXE vulnerability in Cisco Energy Management Suite Software | A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. | network, low complexity, cisco, CWE-611, 7.3 |
| 2018-11-06 | CVE-2018-17186 | XXE vulnerability in Apache Syncope | An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. | network, low complexity, apache, CWE-611, 7.2 |
| 2018-11-06 | CVE-2018-18980 | XXE vulnerability in Zohocorp ManageEngine Network Configuration Manager | An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. | network, low complexity, zohocorp, CWE-611, 7.5 |
| 2018-11-02 | CVE-2018-1846 | XXE vulnerability in IBM Rational Engineering Lifecycle Manager | IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network, low complexity, ibm, CWE-611, 7.1 |
| 2018-11-02 | CVE-2018-1835 | XXE vulnerability in IBM Daeja ViewONE 5.0 | IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network, low complexity, ibm, CWE-611, 7.1 |
| 2018-11-02 | CVE-2018-17912 | XXE vulnerability in Sauter-Controls Case Suite 3.10 | An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. | network, low complexity, sauter-controls, CWE-611, 7.5 |
| 2018-10-29 | CVE-2018-18737 | XXE vulnerability in Douchat 4.0.4 | An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. | network, low complexity, douchat, CWE-611, 7.5 |
| 2018-10-26 | CVE-2018-18659 | XXE vulnerability in Arcserve UDP 6.0/6.5 | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. | network, low complexity, arcserve, CWE-611, 7.5 |