Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-10 | CVE-2017-1192 | XXE vulnerability in IBM Sterling B2B Integrator 5.2 IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2017-08-08 | CVE-2010-2245 | XXE vulnerability in Apache Wink XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document. | 7.4 |
| 2017-08-02 | CVE-2017-11390 | XXE vulnerability in Trendmicro Control Manager 6.0 XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. | 7.5 |
| 2017-08-02 | CVE-2015-0194 | XXE vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. | 6.5 |
| 2017-08-02 | CVE-2017-1383 | XXE vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1 IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2017-07-25 | CVE-2017-11457 | XXE vulnerability in SAP Netweaver Application Server Java 7.50 XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249. | 6.5 |
| 2017-07-19 | CVE-2017-1219 | XXE vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 6.5 |
| 2017-07-19 | CVE-2016-6798 | XXE vulnerability in Apache Sling In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application. | 9.8 |
| 2017-07-17 | CVE-2017-7664 | XXE vulnerability in Apache Openmeetings Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. | 10.0 |
| 2017-07-17 | CVE-2017-1000061 | XXE vulnerability in Xmlsec Project Xmlsec xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service | 7.1 |