Vulnerabilities > Improper Restriction of XML External Entity Reference ('XXE')

DATE CVE VULNERABILITY TITLE RISK
2023-06-26 CVE-2023-3113 XXE vulnerability in Lenovo Xclarity Administrator
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.
network
low complexity
lenovo CWE-611
7.5
2023-06-15 CVE-2023-3276 XXE vulnerability in Dromara Hutool
A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19.
network
low complexity
dromara CWE-611
7.5
2023-06-13 CVE-2023-24470 XXE vulnerability in Microfocus Arcsight Logger
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
network
low complexity
microfocus CWE-611
critical
9.1
2023-06-13 CVE-2023-29498 XXE vulnerability in Fujielectric Frenic RHC Loader 1.1.0.3
Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier.
local
low complexity
fujielectric CWE-611
5.5
2023-06-05 CVE-2023-34411 XXE vulnerability in XML Library Project XML Library
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document.
network
low complexity
xml-library-project CWE-611
7.5
2023-06-01 CVE-2023-32706 XXE vulnerability in Splunk and Splunk Cloud Platform
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.
network
low complexity
splunk CWE-611
6.5
2023-05-24 CVE-2022-41221 XXE vulnerability in Opentext Archive Center Administration
The client in OpenText Archive Center Administration through 21.2 allows XXE attacks.
local
low complexity
opentext CWE-611
7.1
2023-05-18 CVE-2023-20173 XXE vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device.
network
low complexity
cisco CWE-611
4.9
2023-05-18 CVE-2023-20174 XXE vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device.
network
low complexity
cisco CWE-611
4.9
2023-05-16 CVE-2023-2161 XXE vulnerability in Schneider-Electric OPC Factory Server
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user. 
local
low complexity
schneider-electric CWE-611
5.5