Vulnerabilities (CVE)

Filtered by CWE-611
Total 1143 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-0030 1 Apache 1 Roller 2025-04-20 7.5 HIGH 9.8 CRITICAL
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
CVE-2016-9706 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-20 8.5 HIGH 9.1 CRITICAL
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918.
CVE-2017-9295 1 Hitachi 1 Device Manager 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.
CVE-2015-0194 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data.
CVE-2015-3160 1 Beaker-project 1 Beaker 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.
CVE-2017-2308 1 Juniper 1 Junos Space 2025-04-20 5.0 MEDIUM 6.5 MEDIUM
An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.
CVE-2016-5749 1 Netiq 1 Access Manager 2025-04-20 2.1 LOW 5.5 MEDIUM
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.
CVE-2017-1000021 1 Logicaldoc 1 Logicaldoc 2025-04-20 6.5 MEDIUM 8.8 HIGH
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents.
CVE-2017-7664 1 Apache 1 Openmeetings 2025-04-20 7.5 HIGH 10.0 CRITICAL
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
CVE-2017-8913 1 Sap 1 Netweaver Application Server Java 2025-04-20 6.5 MEDIUM 8.8 HIGH
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.
CVE-2017-6895 1 Usb Pratirodh Project 1 Usb Pratirodh 2025-04-20 7.5 HIGH 9.8 CRITICAL
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml.
CVE-2016-8348 1 Emerson 1 Liebert Sitescan Web 2025-04-20 7.5 HIGH 9.8 CRITICAL
An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network.
CVE-2017-9458 1 Paloaltonetworks 1 Pan-os 2025-04-20 7.5 HIGH 9.8 CRITICAL
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors.
CVE-2014-0225 2 Pivotal Software, Vmware 2 Spring Framework, Spring Framework 2025-04-20 6.8 MEDIUM 8.8 HIGH
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
CVE-2017-8710 1 Microsoft 2 Windows 7, Windows Server 2008 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability".
CVE-2016-7051 1 Fasterxml 1 Jackson-dataformat-xml 2025-04-20 5.0 MEDIUM 8.6 HIGH
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
CVE-2017-1103 1 Ibm 2 Rational Quality Manager, Rational Team Concert 2025-04-20 7.5 HIGH 8.1 HIGH
IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665.
CVE-2017-9096 1 Itextpdf 1 Itext 2025-04-20 6.8 MEDIUM 8.8 HIGH
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
CVE-2016-6798 1 Apache 1 Sling 2025-04-20 7.5 HIGH 9.8 CRITICAL
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.
CVE-2015-7743 1 Paessler 1 Prtg Network Monitor 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.