Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2017-03-23 CVE-2016-5748 XXE vulnerability in Netiq Access Manager 4.1/4.2
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.
local
low complexity
netiq CWE-611
5.5
2017-03-20 CVE-2016-4931 XXE vulnerability in Juniper Junos Space
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.
network
low complexity
juniper CWE-611
6.5
2017-03-17 CVE-2017-3811 XXE vulnerability in Cisco Webex Meetings Server 2.6
An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system.
network
low complexity
cisco CWE-611
6.5
2017-03-07 CVE-2016-9724 XXE vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.1
2017-03-03 CVE-2016-10127 XXE vulnerability in Pysaml2 Project Pysaml2
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
network
low complexity
pysaml2-project CWE-611
critical
9.0
2017-02-27 CVE-2017-6344 XXE vulnerability in Grails PDF Plugin 0.6
XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document.
local
low complexity
grails CWE-611
5.9
2017-02-23 CVE-2016-8974 XXE vulnerability in IBM Rational Rhapsody Design Manager
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.1
2017-02-22 CVE-2017-3839 XXE vulnerability in Cisco Secure Access Control System 5.8(2.5)
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system.
network
low complexity
cisco CWE-611
4.3
2017-02-17 CVE-2017-6055 XXE vulnerability in Eparaksts Eparakstitajs 3 1.3.0/1.3.8
XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file.
local
low complexity
eparaksts CWE-611
7.8
2017-02-17 CVE-2016-4312 XXE vulnerability in Wso2 Identity Server 5.1.0
XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp.
network
high complexity
wso2 CWE-611
7.5