Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-20 | CVE-2016-4931 | XXE vulnerability in Juniper Junos Space 15.1/15.2 XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. | 4.0 |
| 2017-03-17 | CVE-2017-3811 | XXE vulnerability in Cisco Webex Meetings Server 2.6 An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. | 4.0 |
| 2017-03-07 | CVE-2016-9724 | XXE vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 7.5 |
| 2017-03-03 | CVE-2016-10127 | XXE vulnerability in Pysaml2 Project Pysaml2 PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | 6.8 |
| 2017-02-27 | CVE-2017-6344 | XXE vulnerability in Grails PDF Plugin 0.6 XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document. | 4.3 |
| 2017-02-23 | CVE-2016-8974 | XXE vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 7.5 |
| 2017-02-22 | CVE-2017-3839 | XXE vulnerability in Cisco Secure Access Control System 5.8(2.5) An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. | 4.0 |
| 2017-02-17 | CVE-2017-6055 | XXE vulnerability in Eparaksts Eparakstitajs 3 XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file. | 6.8 |
| 2017-02-17 | CVE-2016-4312 | XXE vulnerability in Wso2 Identity Server 5.1.0 XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. | 6.0 |
| 2017-02-15 | CVE-2017-5992 | XXE vulnerability in Python Openpyxl 2.4.1 Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. | 5.8 |