Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2018-06-13 CVE-2018-5433 XXE vulnerability in Tibco Administrator
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information.
network
low complexity
tibco CWE-611
6.5
2018-06-11 CVE-2017-3208 XXE vulnerability in Themidnightcoders Weborb for Java 5.1.1.0
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages.
network
low complexity
themidnightcoders CWE-611
critical
9.8
2018-06-11 CVE-2017-3206 XXE vulnerability in Exadel Flamingo 2.2.0
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages.
network
low complexity
exadel CWE-611
critical
9.8
2018-06-07 CVE-2018-6670 XXE vulnerability in Mcafee Common Catalog 2.0.0
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.
network
low complexity
mcafee CWE-611
6.5
2018-06-06 CVE-2018-1456 XXE vulnerability in IBM products
IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-06-05 CVE-2018-1000198 XXE vulnerability in Jenkins Black Duck HUB
An XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML external entities in an XML document.
network
low complexity
jenkins CWE-611
6.5
2018-06-04 CVE-2018-10613 XXE vulnerability in GE MDS Pulsenet
Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.
network
low complexity
ge CWE-611
7.5
2018-05-23 CVE-2018-10653 XXE vulnerability in Citrix Xenmobile Server 10.7/10.8
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
network
low complexity
citrix CWE-611
critical
9.8
2018-05-23 CVE-2018-1309 XXE vulnerability in Apache Nifi
Apache NiFi External XML Entity issue in SplitXML processor.
network
low complexity
apache CWE-611
critical
9.8
2018-05-21 CVE-2018-8010 XXE vulnerability in Apache Solr
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema).
local
low complexity
apache CWE-611
5.5