Search Results (1308 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1254 1 Ibm 1 Security Guardium 2025-04-20 N/A
IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634.
CVE-2014-3579 1 Apache 1 Activemq Apollo 2025-04-20 N/A
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
CVE-2014-3600 2 Apache, Redhat 6 Activemq, Fuse Esb Enterprise, Fuse Management Console and 3 more 2025-04-20 N/A
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
CVE-2015-7743 1 Paessler 1 Prtg Network Monitor 2025-04-20 N/A
XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.
CVE-2017-7457 1 Moxa 1 Mx-aopc Server 2025-04-20 N/A
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.
CVE-2014-0030 1 Apache 1 Roller 2025-04-20 N/A
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
CVE-2016-0254 1 Ibm 1 Cognos Business Intelligence 2025-04-20 N/A
IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563.
CVE-2014-0225 3 Pivotal Software, Redhat, Vmware 4 Spring Framework, Jboss Amq, Jboss Fuse and 1 more 2025-04-20 N/A
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
CVE-2016-4931 1 Juniper 1 Junos Space 2025-04-20 N/A
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.
CVE-2016-5748 1 Netiq 1 Access Manager 2025-04-20 N/A
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.
CVE-2016-5749 1 Netiq 1 Access Manager 2025-04-20 N/A
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.
CVE-2016-5795 2 Automatedlogic, Carrier 3 I-vu, Sitescan Web, Automatedlogic Webctrl 2025-04-20 N/A
An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network.
CVE-2016-10127 1 Pysaml2 Project 1 Pysaml2 2025-04-20 N/A
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
CVE-2016-10149 3 Debian, Pysaml2 Project, Redhat 3 Debian Linux, Pysaml2, Openstack 2025-04-20 N/A
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
CVE-2015-7241 1 Sap 1 Netweaver 2025-04-20 N/A
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
CVE-2017-7907 1 Schneider-electric 1 Wonderware Historian Client 2025-04-20 N/A
An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network.
CVE-2017-3839 1 Cisco 1 Secure Access Control System 2025-04-20 N/A
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5).
CVE-2017-5661 1 Apache 1 Formatting Objects Processor 2025-04-20 N/A
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
CVE-2017-5662 2 Apache, Redhat 5 Batik, Jboss Amq, Jboss Bpms and 2 more 2025-04-20 N/A
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
CVE-2017-6344 1 Grails 1 Pdf Plugin 2025-04-20 N/A
XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document.