Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2017-02-15 CVE-2017-5992 XXE vulnerability in Python Openpyxl 2.4.1
Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.
local
low complexity
python CWE-611
8.2
2017-02-15 CVE-2016-9706 XXE vulnerability in IBM Integration BUS and Websphere Message Broker
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2017-02-13 CVE-2016-8348 XXE vulnerability in Emerson Liebert Sitescan web 6.5
An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior.
network
low complexity
emerson CWE-611
critical
9.8
2017-02-01 CVE-2016-8980 XXE vulnerability in IBM Bigfix Inventory and License Metric Tool
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.1
2017-02-01 CVE-2016-6059 XXE vulnerability in IBM products
IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
8.1
2017-02-01 CVE-2016-3027 XXE vulnerability in IBM products
IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
6.5
2017-02-01 CVE-2016-2908 XXE vulnerability in IBM products
IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser.
network
low complexity
ibm CWE-611
critical
9.1
2017-01-23 CVE-2015-7743 XXE vulnerability in Paessler Prtg Network Monitor
XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.
network
low complexity
paessler CWE-611
6.5
2017-01-02 CVE-2016-10097 XXE vulnerability in Forgerock Openam 10.1.0
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.
network
low complexity
forgerock CWE-611
7.5
2016-12-29 CVE-2016-7460 XXE vulnerability in VMWare Vrealize Automation
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
vmware CWE-611
critical
9.1