Skip to main content

XXE

1233 CVEs technique

Monthly

CVE-2015-6463 MEDIUM PATCH This Month

CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

Denial Of Service XXE Hart Comm Dtm
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2015-3623 MEDIUM POC This Month

XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Qlikview
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
7.4%
CVE-2015-4538 HIGH This Week

The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Atmos
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-5161 PHP MEDIUM POC PATCH THREAT This Month

The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 32.8%.

XXE Zend Framework
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
32.8%
CVE-2015-3269 MEDIUM PATCH This Month

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.3%.

Adobe XXE Information Disclosure Apache Business Service Management +1
NVD
CVSS 2.0
5.0
EPSS
13.3%
CVE-2015-6664 MEDIUM This Month

XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Mobile Platform
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-6662 MEDIUM This Month

XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Netweaver
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-3784 MEDIUM This Month

Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple XXE Information Disclosure Microsoft Mac Os X +5
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-3762 MEDIUM This Month

The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple XXE Information Disclosure Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-1818 HIGH This Week

XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE SSRF Jboss Bpm Suite
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-5068 HIGH This Week

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Mobile Platform
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-2125 MEDIUM POC THREAT This Month

Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 31.0%.

HP XXE Webinspect
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
31.0%
CVE-2015-0112 MEDIUM PATCH This Month

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1,. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM XXE Rational Requirements Composer Rhapsody Design Manager Rational Team Concert +5
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-0264 Maven MEDIUM PATCH This Month

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

XXE Java Apache Camel
NVD
CVSS 2.0
5.0
EPSS
2.0%
CVE-2015-0263 Maven MEDIUM PATCH This Month

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

XXE Java Apache Camel
NVD
CVSS 2.0
5.0
EPSS
2.6%
CVE-2015-4162 MEDIUM This Month

XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Paloalto Pan Os
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-0758 MEDIUM This Month

The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE Information Disclosure Unified Meetingplace
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-1833 Maven MEDIUM POC PATCH THREAT This Month

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 31.0%.

XXE Apache Jackrabbit
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
31.0%
CVE-2015-4091 HIGH This Week

XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Java Sap Netweaver Application Server Java
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-1909 MEDIUM PATCH This Month

The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM XXE Information Disclosure Infosphere Master Data Management Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-8924 MEDIUM PATCH This Month

The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XXE License Metric Tool Tivoli Asset Discovery For Distributed
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2015-2346 MEDIUM POC This Month

XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Huawei Seq Analyst
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-8162 HIGH This Week

XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Network Satellite Manager
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-3451 MEDIUM This Month

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Xml Libxml Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 2.0
5.0
EPSS
5.0%
CVE-2014-8125 Maven HIGH PATCH This Week

XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

XXE Drools Jbpm
NVD GitHub
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-1092 MEDIUM This Month

NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple XXE Tvos Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-2818 MEDIUM This Month

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Mobile Platform
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-2813 MEDIUM This Month

XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Mobile Platform
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-2812 MEDIUM This Month

XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver Enterprise Portal
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-2811 MEDIUM This Month

XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver Enterprise Portal
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2015-0250 Maven MEDIUM POC PATCH This Month

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service XXE Apache Ubuntu Linux Batik +1
NVD
CVSS 2.0
6.4
EPSS
1.5%
CVE-2015-0133 MEDIUM PATCH This Month

IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM XXE Websphere Commerce
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-0254 Maven HIGH PATCH This Week

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE XXE Apache Standard Taglibs Ubuntu Linux
NVD
CVSS 2.0
7.5
EPSS
3.8%
CVE-2014-3682 HIGH This Week

XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Java Jbpm Designer
NVD GitHub
CVSS 2.0
7.5
EPSS
2.1%
CVE-2014-6302 MEDIUM This Month

The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Sequence Kinetics
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-0923 MEDIUM POC THREAT This Month

The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.8%.

XXE Ektron Content Management System
NVD
CVSS 2.0
5.0
EPSS
77.8%
Threat
4.8
CVE-2015-0581 HIGH This Week

The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE Denial Of Service Prime Service Catalog
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-1309 MEDIUM This Month

XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver Abap
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-6577 MEDIUM POC PATCH This Month

Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service XXE SSRF Oracle Database Server
NVD
CVSS 2.0
6.8
EPSS
7.8%
CVE-2014-8790 MEDIUM POC This Month

XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XXE Getsimple Cms
NVD GitHub
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-0171 MEDIUM POC This Month

XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Red Hat XXE Jboss Data Virtualization Odata4J
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-6212 MEDIUM PATCH This Month

The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM XXE Emptoris Sourcing Portfolio Emptoris Program Management Emptoris Contract Management +1
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-0921 MEDIUM POC PATCH THREAT This Month

XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 58.2%.

XXE Epolicy Orchestrator
NVD GitHub
CVSS 2.0
4.0
EPSS
58.2%
Threat
4.0
CVE-2014-5214 MEDIUM POC This Month

nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Access Manager
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-6166 MEDIUM This Month

The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XXE Websphere Application Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6114 MEDIUM This Month

The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Information Disclosure Operational Decision Manager Websphere Ilog Jrules +1
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-8452 MEDIUM This Month

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XXE Information Disclosure Microsoft Acrobat Reader +3
NVD
CVSS 2.0
5.0
EPSS
9.6%
CVE-2014-9360 MEDIUM This Month

XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Web Access
NVD
CVSS 2.0
6.4
EPSS
0.4%
CVE-2014-7251 LOW Monitor

XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service XXE Fast Tools
NVD
CVSS 2.0
3.2
EPSS
0.1%
CVE-2014-7839 Maven MEDIUM PATCH This Month

DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

XXE Resteasy
NVD
CVSS 2.0
6.4
EPSS
1.3%
CVE-2014-5325 Maven MEDIUM PATCH This Month

The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

XXE Information Disclosure Direct Web Remoting
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3629 MEDIUM This Month

XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache XXE Microsoft Qpid
NVD
CVSS 2.0
4.3
EPSS
1.7%
CVE-2014-2682 PHP MEDIUM PATCH This Month

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

XXE Zendrest Zend Framework Zendservice Slideshare Zendservice Api +6
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-2681 PHP MEDIUM PATCH This Month

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Zendrest Zend Framework Zendservice Slideshare +7
NVD
CVSS 2.0
6.4
EPSS
3.0%
CVE-2014-3437 HIGH POC THREAT Act Now

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

XXE Endpoint Protection Manager
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
17.7%
CVE-2014-4769 MEDIUM This Month

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Websphere Commerce
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-8474 HIGH PATCH This Week

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Cloud Service Management
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-8590 MEDIUM This Month

XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Java Netweaver Java Application Server
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-6032 MEDIUM POC This Month

Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Big Ip Protocol Security Module Big Ip Global Traffic Manager Big Ip Policy Enforcement Manager +10
NVD
CVSS 2.0
5.5
EPSS
2.5%
CVE-2014-7177 MEDIUM POC THREAT This Month

XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

XXE Tuleap
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
12.3%
CVE-2014-3573 MEDIUM This Month

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Enterprise Virtualization Manager
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-8316 MEDIUM POC This Month

XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE SAP Businessobjects Explorer
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-0170 MEDIUM PATCH This Month

Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Red Hat XXE Jboss Data Virtualization Teiid
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-5392 MEDIUM PATCH This Month

XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service XXE Jobscheduler
NVD
CVSS 2.0
5.8
EPSS
1.0%
CVE-2014-4374 MEDIUM This Month

NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple XXE Mac Os X Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3529 Maven MEDIUM PATCH This Month

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XXE Apache Poi
NVD
CVSS 2.0
4.3
EPSS
5.2%
CVE-2014-5398 LOW Monitor

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric XXE Denial Of Service Wonderware Information Server
NVD GitHub
CVSS 2.0
2.1
EPSS
0.3%
CVE-2014-5035 MEDIUM This Month

The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XXE Opendaylight
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-3490 Maven HIGH PATCH This Week

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Red Hat XXE Jboss Enterprise Application Platform Resteasy
NVD GitHub
CVSS 2.0
7.5
EPSS
4.6%
CVE-2014-3087 MEDIUM PATCH This Month

callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM XXE Information Disclosure Business Process Manager Websphere Application Server
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-5177 LOW PATCH Monitor

libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity. Rated low severity (CVSS 1.2).

XXE Enterprise Virtualization Opensuse Enterprise Linux Libvirt
NVD
CVSS 2.0
1.2
EPSS
0.1%
CVE-2014-0179 LOW PATCH Monitor

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction. Rated low severity (CVSS 1.9).

Denial Of Service XXE Libvirt Enterprise Virtualization Opensuse +1
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-3543 PHP MEDIUM PATCH This Month

mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure XXE Moodle
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3542 PHP MEDIUM PATCH This Month

mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure XXE Moodle
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3530 Maven HIGH PATCH This Week

The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Red Hat XXE Information Disclosure RCE Jboss Enterprise Application Platform
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2014-3485 MEDIUM This Month

The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Information Disclosure Enterprise Virtualization
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-2510 MEDIUM This Month

The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Information Disclosure Microsoft Centerstage Documentum Foundation Services +2
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-3481 MEDIUM This Month

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Information Disclosure Jboss Enterprise Application Platform
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-3066 MEDIUM This Month

IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Information Disclosure Tivoli Endpoint Manager
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-4669 LOW POC Monitor

HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

HP XXE Information Disclosure Enterprise Maps
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-3004 Maven MEDIUM POC PATCH This Month

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XXE Castor Opensuse
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.6%
CVE-2014-2056 HIGH This Week

PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Owncloud Server Phpdocx
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-2055 PHP HIGH PATCH This Week

SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Sabredav Owncloud Server
NVD GitHub
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-2054 PHP HIGH PATCH This Week

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Owncloud Server Phpexcel
NVD GitHub
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-2053 PHP HIGH PATCH This Week

getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Getid3 Owncloud Server
NVD
CVSS 2.0
7.5
EPSS
3.5%
CVE-2014-0119 Maven MEDIUM PATCH This Month

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Tomcat XXE Privilege Escalation Apache
NVD
CVSS 2.0
4.3
EPSS
4.4%
CVE-2014-0096 Maven MEDIUM PATCH This Month

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Tomcat XXE Java Privilege Escalation Apache
NVD
CVSS 2.0
4.3
EPSS
5.8%
CVE-2014-2194 MEDIUM This Month

system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XXE Unified Web And E Mail Interaction Manager
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-3242 PyPI MEDIUM POC This Month

SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Information Disclosure Soappy
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-0054 Maven MEDIUM PATCH This Month

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF XXE Denial Of Service Java Spring Framework
NVD VulDB
CVSS 2.0
6.8
EPSS
2.5%
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

Denial Of Service XXE Hart Comm Dtm
NVD
EPSS 7% CVSS 6.4
MEDIUM POC This Month

XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF Qlikview
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Atmos
NVD
EPSS 33% CVSS 6.8
MEDIUM POC PATCH THREAT This Month

The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 32.8%.

XXE Zend Framework
NVD Exploit-DB
EPSS 13% CVSS 5.0
MEDIUM PATCH This Month

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.3%.

Adobe XXE Information Disclosure +3
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Mobile Platform
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Netweaver
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple XXE Information Disclosure +7
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple XXE Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE SSRF +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Mobile Platform
NVD
EPSS 31% CVSS 4.0
MEDIUM POC THREAT This Month

Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 31.0%.

HP XXE Webinspect
NVD Exploit-DB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1,. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM XXE Rational Requirements Composer +7
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

XXE Java Apache +1
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

XXE Java Apache +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Paloalto Pan Os
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE Information Disclosure +1
NVD
EPSS 31% CVSS 6.4
MEDIUM POC PATCH THREAT This Month

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 31.0%.

XXE Apache Jackrabbit
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Java +1
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM XXE Information Disclosure +1
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XXE License Metric Tool +1
NVD
EPSS 0% CVSS 4.0
MEDIUM POC This Month

XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Huawei Seq Analyst
NVD
EPSS 1% CVSS 7.5
HIGH This Week

XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Network Satellite +1
NVD
EPSS 5% CVSS 5.0
MEDIUM This Month

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Xml Libxml Ubuntu Linux +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

XXE Drools Jbpm
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM This Month

NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple XXE Tvos +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Mobile Platform
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Mobile Platform
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver Enterprise Portal
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver Enterprise Portal
NVD
EPSS 1% CVSS 6.4
MEDIUM POC PATCH This Month

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service XXE Apache +3
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM XXE Websphere Commerce
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE XXE Apache +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Java Jbpm Designer
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Sequence Kinetics
NVD
EPSS 78% 4.8 CVSS 5.0
MEDIUM POC THREAT This Month

The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.8%.

XXE Ektron Content Management System
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE Denial Of Service +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver Abap
NVD
EPSS 8% CVSS 6.8
MEDIUM POC PATCH This Month

Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service XXE SSRF +2
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XXE Getsimple Cms
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM POC This Month

XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Red Hat XXE Jboss Data Virtualization +1
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM XXE Emptoris Sourcing Portfolio +3
NVD
EPSS 58% 4.0 CVSS 4.0
MEDIUM POC PATCH THREAT This Month

XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 58.2%.

XXE Epolicy Orchestrator
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM POC This Month

nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Access Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XXE Websphere Application Server
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Information Disclosure +3
NVD
EPSS 10% CVSS 5.0
MEDIUM This Month

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XXE Information Disclosure +5
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Web Access
NVD
EPSS 0% CVSS 3.2
LOW Monitor

XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service XXE Fast Tools
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

XXE Resteasy
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

XXE Information Disclosure Direct Web Remoting
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache XXE Microsoft +1
NVD
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

XXE Zendrest Zend Framework +8
NVD VulDB
EPSS 3% CVSS 6.4
MEDIUM PATCH This Month

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Zendrest +9
NVD
EPSS 18% CVSS 7.5
HIGH POC THREAT Act Now

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

XXE Endpoint Protection Manager
NVD Exploit-DB
EPSS 0% CVSS 4.0
MEDIUM This Month

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Websphere Commerce
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Cloud Service Management
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Java +1
NVD
EPSS 3% CVSS 5.5
MEDIUM POC This Month

Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Big Ip Protocol Security Module +12
NVD
EPSS 12% CVSS 4.0
MEDIUM POC THREAT This Month

XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

XXE Tuleap
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM This Month

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Enterprise Virtualization Manager
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE SAP Businessobjects Explorer
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Red Hat XXE Jboss Data Virtualization +1
NVD
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service XXE Jobscheduler
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple XXE Mac Os X +1
NVD
EPSS 5% CVSS 4.3
MEDIUM PATCH This Month

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XXE Apache Poi
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric XXE Denial Of Service +1
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XXE Opendaylight
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Red Hat XXE Jboss Enterprise Application Platform +1
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM XXE Information Disclosure +2
NVD
EPSS 0% CVSS 1.2
LOW PATCH Monitor

libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity. Rated low severity (CVSS 1.2).

XXE Enterprise Virtualization Opensuse +2
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction. Rated low severity (CVSS 1.9).

Denial Of Service XXE Libvirt +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure XXE +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure XXE +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Red Hat XXE Information Disclosure +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Information Disclosure +1
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Information Disclosure Microsoft +4
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Information Disclosure +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Information Disclosure +1
NVD
EPSS 0% CVSS 3.5
LOW POC Monitor

HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

HP XXE Information Disclosure +1
NVD
EPSS 4% CVSS 4.3
MEDIUM POC PATCH This Month

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XXE Castor Opensuse
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Owncloud Server +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Sabredav +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Owncloud Server +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Getid3 +1
NVD
EPSS 4% CVSS 4.3
MEDIUM PATCH This Month

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Tomcat XXE Privilege Escalation +1
NVD
EPSS 6% CVSS 4.3
MEDIUM PATCH This Month

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Tomcat XXE Java +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XXE Unified Web And E Mail Interaction Manager
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Information Disclosure Soappy
NVD
EPSS 3% CVSS 6.8
MEDIUM PATCH This Month

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF XXE Denial Of Service +2
NVD VulDB
Prev Page 13 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy