Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-28 | CVE-2017-14526 | XXE vulnerability in Opentext Documentum Administrator and Documentum Webtop Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in. | 8.8 |
| 2017-09-28 | CVE-2017-12621 | XXE vulnerability in Apache Commons Jelly 1.0 During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. | 9.8 |
| 2017-09-26 | CVE-2017-1527 | XXE vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2017-09-13 | CVE-2017-8710 | XXE vulnerability in Microsoft Windows 7 and Windows Server 2008 The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability". | 5.5 |
| 2017-09-12 | CVE-2017-8918 | XXE vulnerability in Blackwave Dive Assistant 8.0 XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file. | 5.5 |
| 2017-09-09 | CVE-2017-8040 | XXE vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. | 6.5 |
| 2017-09-08 | CVE-2017-9095 | XXE vulnerability in Divinglog Diving LOG XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. | 5.5 |
| 2017-09-07 | CVE-2017-12216 | XXE vulnerability in Cisco Socialminer A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. | 8.8 |
| 2017-09-06 | CVE-2015-7241 | XXE vulnerability in SAP Netweaver 4.0/6.4/7.0 XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | 9.8 |
| 2017-09-06 | CVE-2015-3160 | XXE vulnerability in Beaker-Project Beaker XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system. | 4.3 |