Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-41365 | XXE vulnerability in SAP Business ONE 10.0 SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. | 4.3 |
| 2023-10-09 | CVE-2023-45612 | XXE vulnerability in Jetbrains Ktor In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE | 9.8 |
| 2023-10-06 | CVE-2023-42445 | XXE vulnerability in Gradle Gradle is a build tool with a focus on build automation and support for multi-language development. | 5.3 |
| 2023-10-02 | CVE-2023-42132 | XXE vulnerability in Mhlw FD Application 9.01 FD Application Apr. | 5.5 |
| 2023-09-25 | CVE-2022-4245 | XXE vulnerability in multiple products A flaw was found in codehaus-plexus. | 4.3 |
| 2023-09-21 | CVE-2023-38343 | XXE vulnerability in Ivanti Endpoint Manager An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. | 7.5 |
| 2023-09-19 | CVE-2023-3892 | XXE vulnerability in Mimsoftware Assistant and Client Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. In order to take advantage of this vulnerability, an attacker must craft a malicious XML document, embed this document into specific 3rd party private RTst metadata tags, transfer the now compromised DICOM object to MIM, and force MIM to archive and load the data. Users on either version are strongly encouraged to update to an unaffected version (7.2.11+, 7.3.4+). This issue was found and analyzed by MIM Software's internal security team. We are unaware of any proof of concept or actual exploit available in the wild. For more information, visit https://www.mimsoftware.com/cve-2023-3892 https://www.mimsoftware.com/cve-2023-3892 This issue affects MIM Assistant: 7.2.10, 7.3.3; MIM Client: 7.2.10, 7.3.3. | 7.4 |
| 2023-09-12 | CVE-2023-41369 | XXE vulnerability in SAP S/4 Hana The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser. | 4.3 |
| 2023-09-06 | CVE-2023-41932 | XXE vulnerability in Jenkins JOB Configuration History Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'. | 6.5 |
| 2023-09-06 | CVE-2023-41933 | XXE vulnerability in Jenkins JOB Configuration History Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 |