Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-6059 | XXE vulnerability in IBM products IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
| 2017-02-01 | CVE-2016-3027 | XXE vulnerability in IBM products IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 6.5 |
| 2017-02-01 | CVE-2016-2908 | XXE vulnerability in IBM products IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. | 9.1 |
| 2017-01-23 | CVE-2015-7743 | XXE vulnerability in Paessler Prtg Network Monitor XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file. | 6.5 |
| 2017-01-02 | CVE-2016-10097 | XXE vulnerability in Forgerock Openam 10.1.0 XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter. | 7.5 |
| 2016-12-29 | CVE-2016-7460 | XXE vulnerability in VMWare Vrealize Automation The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 9.1 |
| 2016-12-29 | CVE-2016-7459 | XXE vulnerability in VMWare Vcenter Server 5.0/5.5/6.0 VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.7 |
| 2016-12-29 | CVE-2016-7458 | XXE vulnerability in VMWare Vsphere Client 5.5/6.0 VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.8 |
| 2016-12-22 | CVE-2016-9181 | XXE vulnerability in Image-Info Project Image-Info for Perl 1.16/1.30 perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. | 7.1 |
| 2016-12-22 | CVE-2016-9180 | XXE vulnerability in Xmltwig Xml-Twig for Perl perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. | 9.1 |