Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-12 | CVE-2018-12463 | XXE vulnerability in HP Fortify Software Security Center 17.1/17.2/18.1 An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 9.8 |
| 2018-07-09 | CVE-2018-1000616 | XXE vulnerability in Onosproject Onos ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. | 7.5 |
| 2018-07-09 | CVE-2018-1000614 | XXE vulnerability in Onosproject Onos ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. | 7.5 |
| 2018-07-08 | CVE-2018-13439 | XXE vulnerability in Tencent Wechat PAY WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL. | 5.0 |
| 2018-07-06 | CVE-2018-1542 | XXE vulnerability in IBM Content Foundation and Filenet Content Manager IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2018-07-05 | CVE-2018-8026 | XXE vulnerability in multiple products This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). | 2.1 |
| 2018-07-03 | CVE-2018-11640 | XXE vulnerability in Dialogic Powermedia XMS XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption). | 6.4 |
| 2018-07-03 | CVE-2018-7783 | XXE vulnerability in Schneider-Electric Somachine Basic Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. | 5.0 |
| 2018-06-27 | CVE-2017-7465 | XXE vulnerability in Redhat Jboss Enterprise Application Platform 7.0.0 It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. | 9.8 |
| 2018-06-26 | CVE-2018-1000548 | XXE vulnerability in Umlet Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. | 6.8 |