Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-15 | CVE-2018-1747 | XXE vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-10-12 | CVE-2018-1844 | XXE vulnerability in IBM Filenet Content Manager 5.2.1/5.5.0 IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2018-10-10 | CVE-2018-12544 | XXE vulnerability in Eclipse Vert.X In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. | 9.8 |
| 2018-10-10 | CVE-2018-8533 | XXE vulnerability in Microsoft SQL Server Management Studio 17.9/18.0 An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. | 5.5 |
| 2018-10-10 | CVE-2018-8532 | XXE vulnerability in Microsoft SQL Server Management Studio 17.9/18.0 An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. | 5.5 |
| 2018-10-10 | CVE-2018-8527 | XXE vulnerability in Microsoft SQL Server Management Studio 17.9/18.0 An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. | 5.5 |
| 2018-10-10 | CVE-2018-8494 | XXE vulnerability in Microsoft products A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 8.8 |
| 2018-10-09 | CVE-2018-11796 | XXE vulnerability in Apache Tika In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. | 7.5 |
| 2018-10-09 | CVE-2018-10614 | XXE vulnerability in We-Con Levistudiou 1.8.29/1.8.44 An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files. | 8.8 |
| 2018-10-08 | CVE-2018-17889 | XXE vulnerability in We-Con PI Studio and PI Studio HMI In WECON Technology Co., Ltd. | 5.3 |