Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2018-10-05 CVE-2018-0414 XXE vulnerability in Cisco Secure Access Control Server Solution Engine
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system.
network
low complexity
cisco CWE-611
5.7
2018-10-04 CVE-2018-12471 XXE vulnerability in SUSE Subscription Management Tool
An External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements.
network
low complexity
suse CWE-611
8.1
2018-09-28 CVE-2018-1702 XXE vulnerability in IBM Platform Symphony and Spectrum Symphony
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-09-26 CVE-2018-17411 XXE vulnerability in Informationbuilders Data Quality Suite 10.6.1
An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20.
network
low complexity
informationbuilders CWE-611
critical
9.8
2018-09-26 CVE-2018-15531 XXE vulnerability in JavaMelody Project JavaMelody
JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
network
low complexity
javamelody-project CWE-611
critical
9.8
2018-09-25 CVE-2018-1669 XXE vulnerability in IBM DataPower Gateway
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-09-25 CVE-2018-1607 XXE vulnerability in IBM Rational Engineering Lifecycle Manager
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-09-25 CVE-2018-1588 XXE vulnerability in IBM Rational Engineering Lifecycle Manager
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-09-19 CVE-2018-12243 XXE vulnerability in Symantec Messaging Gateway
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser.
low complexity
symantec CWE-611
8.8
2018-09-19 CVE-2018-11761 XXE vulnerability in multiple products
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion.
network
low complexity
apache oracle CWE-611
7.5