Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-06 | CVE-2018-1456 | XXE vulnerability in IBM products IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2018-06-05 | CVE-2018-1000198 | XXE vulnerability in Jenkins Black Duck HUB A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document. | 4.0 |
| 2018-06-04 | CVE-2018-10613 | XXE vulnerability in GE MDS Pulsenet Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior. | 5.0 |
| 2018-05-23 | CVE-2018-10653 | XXE vulnerability in Citrix Xenmobile Server 10.7/10.8 There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | 7.5 |
| 2018-05-23 | CVE-2018-1309 | XXE vulnerability in Apache Nifi Apache NiFi External XML Entity issue in SplitXML processor. | 7.5 |
| 2018-05-21 | CVE-2018-8010 | XXE vulnerability in Apache Solr This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). | 5.5 |
| 2018-05-19 | CVE-2018-4942 | XXE vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. | 5.0 |
| 2018-05-15 | CVE-2017-2815 | XXE vulnerability in Igniterealtime User Import Export 2.6.0 An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. | 5.5 |
| 2018-05-11 | CVE-2018-10832 | XXE vulnerability in Modbuspal Project Modbuspal 1.6 ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. | 4.3 |
| 2018-05-11 | CVE-2018-1259 | XXE vulnerability in multiple products Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. | 5.0 |