Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-26 | CVE-2017-6662 | XXE vulnerability in Cisco products A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. | 8.0 |
| 2017-06-16 | CVE-2017-9231 | XXE vulnerability in Citrix Xenmobile Server XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. | 7.5 |
| 2017-06-08 | CVE-2016-9698 | XXE vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
| 2017-06-07 | CVE-2016-0254 | XXE vulnerability in IBM Cognos Business Intelligence IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 6.5 |
| 2017-06-07 | CVE-2015-7326 | XXE vulnerability in Milton Webdav XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. | 9.8 |
| 2017-05-30 | CVE-2017-2308 | XXE vulnerability in Juniper Junos Space An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. | 6.5 |
| 2017-05-29 | CVE-2017-9295 | XXE vulnerability in Hitachi Device Manager XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. | 6.5 |
| 2017-05-26 | CVE-2016-6256 | XXE vulnerability in SAP Business ONE 1.2.3 SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP Security Note 2378065. | 9.6 |
| 2017-05-25 | CVE-2014-0225 | XXE vulnerability in multiple products When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. | 8.8 |
| 2017-05-23 | CVE-2017-8913 | XXE vulnerability in SAP Netweaver Application Server Java 7.50 The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873. | 8.8 |