Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-03 | CVE-2016-10127 | XXE vulnerability in Pysaml2 Project Pysaml2 PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | 9.0 |
| 2017-02-27 | CVE-2017-6344 | XXE vulnerability in Grails PDF Plugin 0.6 XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document. | 5.9 |
| 2017-02-23 | CVE-2016-8974 | XXE vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
| 2017-02-22 | CVE-2017-3839 | XXE vulnerability in Cisco Secure Access Control System 5.8(2.5) An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. | 4.3 |
| 2017-02-17 | CVE-2017-6055 | XXE vulnerability in Eparaksts Eparakstitajs 3 1.3.0/1.3.8 XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file. | 7.8 |
| 2017-02-17 | CVE-2016-4312 | XXE vulnerability in Wso2 Identity Server 5.1.0 XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. | 7.5 |
| 2017-02-15 | CVE-2017-5992 | XXE vulnerability in Python Openpyxl 2.4.1 Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. | 8.2 |
| 2017-02-15 | CVE-2016-9706 | XXE vulnerability in IBM Integration BUS and Websphere Message Broker IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 9.1 |
| 2017-02-13 | CVE-2016-8348 | XXE vulnerability in Emerson Liebert Sitescan web 6.5 An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. | 9.8 |
| 2017-02-01 | CVE-2016-8980 | XXE vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |