Total
1178 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8056 | 1 Watchguard | 1 Fireware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new authenticated sessions until the process has recovered. The Firebox may also experience an overall degradation in performance while the wgagent process recovers. An attacker could continuously send XML-RPC requests that contain references to external entities to perform a limited Denial of Service (DoS) attack against an affected Firebox. | |||||
| CVE-2016-5748 | 1 Netiq | 1 Access Manager | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users. | |||||
| CVE-2016-8348 | 1 Emerson | 1 Liebert Sitescan Web | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. | |||||
| CVE-2017-13706 | 1 Lansweeper | 1 Lansweeper | 2025-04-20 | 6.5 MEDIUM | 9.9 CRITICAL |
| XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705. | |||||
| CVE-2017-12629 | 4 Apache, Canonical, Debian and 1 more | 5 Solr, Ubuntu Linux, Debian Linux and 2 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr. | |||||
| CVE-2017-14949 | 1 Restlet | 1 Restlet | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonRepresentation. | |||||
| CVE-2017-1458 | 1 Ibm | 1 Qradar Network Security | 2025-04-20 | 5.5 MEDIUM | 8.1 HIGH |
| IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377. | |||||
| CVE-2016-5002 | 1 Apache | 1 Xml-rpc | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD. | |||||
| CVE-2015-7273 | 1 Dell | 3 Integrated Remote Access Controller 7, Integrated Remote Access Controller 8, Integrated Remote Access Controller Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. | |||||
| CVE-2017-1322 | 1 Ibm | 1 Api Connect | 2025-04-20 | 6.4 MEDIUM | 8.2 HIGH |
| IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918. | |||||
| CVE-2016-3027 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more | 2025-04-20 | 5.5 MEDIUM | 6.5 MEDIUM |
| IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. | |||||
| CVE-2017-11286 | 1 Adobe | 1 Coldfusion | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | |||||
| CVE-2017-8110 | 1 Modified-shop | 1 Modified Ecommerce Shopsoftware | 2025-04-20 | 7.5 HIGH | 10.0 CRITICAL |
| www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php. | |||||
| CVE-2017-8918 | 1 Blackwave | 1 Dive Assistant | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file. | |||||
| CVE-2016-9691 | 1 Ibm | 1 Websphere Cast Iron Solution | 2025-04-20 | 9.0 HIGH | 8.6 HIGH |
| IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515. | |||||
| CVE-2014-0225 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. | |||||
| CVE-2017-1254 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634. | |||||
| CVE-2017-1289 | 1 Ibm | 1 Sdk | 2025-04-20 | 6.4 MEDIUM | 8.2 HIGH |
| IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150. | |||||
| CVE-2015-7743 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file. | |||||
| CVE-2017-1192 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 123663. | |||||