Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-08-31 | CVE-2016-5795 | XXE vulnerability in multiple products | An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. | network | low complexity | automatedlogic, carrier | CWE-611 | 7.5 |
| 2017-08-30 | CVE-2017-12069 | XXE vulnerability in multiple products | An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. | network | low complexity | siemens, ocpfoundation | CWE-611 | 6.4 |
| 2017-08-10 | CVE-2016-8739 | XXE vulnerability in Apache CXF | The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. | network | low complexity | apache | CWE-611 | 7.5 |
| 2017-08-10 | CVE-2017-1192 | XXE vulnerability in IBM Sterling B2B Integrator 5.2 | IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low complexity | ibm | CWE-611 | 6.4 |
| 2017-08-08 | CVE-2010-2245 | XXE vulnerability in Apache Wink | XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document. | network | | apache | CWE-611 | 5.8 |
| 2017-08-02 | CVE-2017-11390 | XXE vulnerability in Trendmicro Control Manager 6.0 | XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. | network | low complexity | trendmicro | CWE-611 | 5.0 |
| 2017-08-02 | CVE-2015-0194 | XXE vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway | XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via crafted XML data. | network | low complexity | ibm | CWE-611 | 4.0 |
| 2017-08-02 | CVE-2017-1383 | XXE vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 | IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low complexity | ibm | CWE-611 | 6.4 |
| 2017-07-25 | CVE-2017-11457 | XXE vulnerability in SAP Netweaver 7.5 | XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249. | network | low complexity | sap | CWE-611 | 4.0 |
| 2017-07-19 | CVE-2017-1219 | XXE vulnerability in IBM Bigfix Platform | IBM Tivoli Endpoint Manager is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low complexity | ibm | CWE-611 | 5.5 |