Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-23 | CVE-2016-5748 | XXE vulnerability in Netiq Access Manager 4.1/4.2 External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users. | 5.5 |
2017-03-20 | CVE-2016-4931 | XXE vulnerability in Juniper Junos Space XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. | 6.5 |
2017-03-17 | CVE-2017-3811 | XXE vulnerability in Cisco Webex Meetings Server 2.6 An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. | 6.5 |
2017-03-07 | CVE-2016-9724 | XXE vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
2017-03-03 | CVE-2016-10127 | XXE vulnerability in Pysaml2 Project Pysaml2 PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | 9.0 |
2017-02-27 | CVE-2017-6344 | XXE vulnerability in Grails PDF Plugin 0.6 XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document. | 5.9 |
2017-02-23 | CVE-2016-8974 | XXE vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
2017-02-22 | CVE-2017-3839 | XXE vulnerability in Cisco Secure Access Control System 5.8(2.5) An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. | 4.3 |
2017-02-17 | CVE-2017-6055 | XXE vulnerability in Eparaksts Eparakstitajs 3 1.3.0/1.3.8 XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file. | 7.8 |
2017-02-17 | CVE-2016-4312 | XXE vulnerability in Wso2 Identity Server 5.1.0 XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. | 7.5 |