Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2017-08-31 CVE-2016-5795 XXE vulnerability in multiple products
An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior.
network
low complexity
automatedlogic carrier CWE-611
7.3
2017-08-30 CVE-2017-12069 XXE vulnerability in multiple products
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367.
network
low complexity
siemens ocpfoundation CWE-611
8.2
2017-08-11 CVE-2017-11272 XXE vulnerability in Adobe Digital Editions
Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability.
network
low complexity
adobe CWE-611
7.5
2017-08-10 CVE-2016-8739 XXE vulnerability in Apache CXF
The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders.
network
low complexity
apache CWE-611
7.5
2017-08-10 CVE-2017-1192 XXE vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
2017-08-08 CVE-2010-2245 XXE vulnerability in Apache Wink
XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document.
network
high complexity
apache CWE-611
7.4
2017-08-02 CVE-2017-11390 XXE vulnerability in Trendmicro Control Manager 6.0
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure.
network
low complexity
trendmicro CWE-611
7.5
2017-08-02 CVE-2015-0194 XXE vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway
XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data.
network
low complexity
ibm CWE-611
6.5
2017-08-02 CVE-2017-1383 XXE vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2017-07-25 CVE-2017-11457 XXE vulnerability in SAP Netweaver Application Server Java 7.50
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.
network
low complexity
sap CWE-611
6.5