Search Results (1298 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1477 1 Ibm 1 Security Access Manager 9.0 Firmware 2025-04-20 N/A
IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612.
CVE-2016-9698 1 Ibm 1 Rational Rhapsody Design Manager 2025-04-20 N/A
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960.
CVE-2017-7664 1 Apache 1 Openmeetings 2025-04-20 N/A
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
CVE-2017-14759 1 Opentext 1 Document Sciences Xpression 2025-04-20 N/A
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service.
CVE-2015-7273 1 Dell 3 Integrated Remote Access Controller 7, Integrated Remote Access Controller 8, Integrated Remote Access Controller Firmware 2025-04-20 N/A
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.
CVE-2017-9231 1 Citrix 1 Xenmobile Server 2025-04-20 N/A
XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors.
CVE-2016-10127 1 Pysaml2 Project 1 Pysaml2 2025-04-20 N/A
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
CVE-2015-7241 1 Sap 1 Netweaver 2025-04-20 N/A
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
CVE-2016-4931 1 Juniper 1 Junos Space 2025-04-20 N/A
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.
CVE-2017-8040 1 Vmware 1 Single Sign-on For Pivotal Cloud Foundry 2025-04-20 6.5 Medium
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system.
CVE-2017-9095 1 Divinglog 1 Diving Log 2025-04-20 5.5 Medium
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.
CVE-2017-7457 1 Moxa 1 Mx-aopc Server 2025-04-20 N/A
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.
CVE-2017-6895 1 Usb Pratirodh Project 1 Usb Pratirodh 2025-04-20 N/A
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml.
CVE-2017-7503 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Cd 2025-04-20 N/A
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.
CVE-2017-5992 1 Python 1 Openpyxl 2025-04-20 N/A
Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.
CVE-2017-5661 1 Apache 1 Formatting Objects Processor 2025-04-20 N/A
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
CVE-2014-0030 1 Apache 1 Roller 2025-04-20 N/A
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
CVE-2017-13706 1 Lansweeper 1 Lansweeper 2025-04-20 N/A
XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705.
CVE-2017-9295 1 Hitachi 1 Device Manager 2025-04-20 N/A
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.
CVE-2016-6059 1 Ibm 3 Infosphere Datastage, Infosphere Information Server, Infosphere Information Server On Cloud 2025-04-20 N/A
IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.