Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-29 | CVE-2017-9295 | XXE vulnerability in Hitachi Device Manager XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. | 6.5 |
| 2017-05-26 | CVE-2016-6256 | XXE vulnerability in SAP Business ONE 1.2.3 SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP Security Note 2378065. | 9.6 |
| 2017-05-25 | CVE-2014-0225 | XXE vulnerability in multiple products When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. | 8.8 |
| 2017-05-23 | CVE-2017-8913 | XXE vulnerability in SAP Netweaver Application Server Java 7.50 The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873. | 8.8 |
| 2017-05-22 | CVE-2017-1289 | XXE vulnerability in IBM SDK IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. | 8.2 |
| 2017-05-19 | CVE-2017-7907 | XXE vulnerability in Schneider-Electric Wonderware Historian Client 2014R2 An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. | 6.6 |
| 2017-05-18 | CVE-2017-7503 | XXE vulnerability in Redhat Jboss Enterprise Application Platform 7.0.5 It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. | 9.8 |
| 2017-05-10 | CVE-2017-1103 | XXE vulnerability in IBM Rational Quality Manager and Rational Team Concert IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
| 2017-05-05 | CVE-2016-9691 | XXE vulnerability in IBM Websphere Cast Iron Solution IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.6 |
| 2017-04-25 | CVE-2017-1149 | XXE vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |