Skip to main content

XXE

1233 CVEs technique

Monthly

CVE-2020-15419 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE One Firmware
NVD
CVSS 3.1
7.5
EPSS
63.8%
CVE-2020-15418 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE One Firmware
NVD
CVSS 3.1
7.5
EPSS
9.4%
CVE-2020-3405 HIGH This Week

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE Sd Wan Firmware
NVD
CVSS 3.1
7.3
EPSS
1.3%
CVE-2020-4462 HIGH This Week

IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Sterling External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
8.2
EPSS
3.2%
CVE-2020-12684 CRITICAL Act Now

XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE I Net Clear Reports
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-4510 MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-12025 LOW Monitor

Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell XXE Studio 5000 Logix Designer
NVD
CVSS 3.1
3.3
EPSS
1.5%
CVE-2020-5602 HIGH This Week

Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cpu Module Logging Configuration Tool Cw Configurator Em Configurator Gt Designer3 +16
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-14940 HIGH POC This Week

An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Tuxguitar
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-14204 HIGH This Week

In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Webfocus Business Intelligence
NVD
CVSS 3.1
8.2
EPSS
1.9%
CVE-2020-8541 MEDIUM This Month

OX App Suite through 7.10.3 allows XXE attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Open Xchange Appsuite
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-13883 MEDIUM This Month

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Microgateway Identity Server As Key Manager
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2020-13692 Maven HIGH PATCH This Week

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

PostgreSQL XXE Postgresql Jdbc Driver Quarkus Steelstore Cloud Integrated Storage +2
NVD GitHub
CVSS 3.1
7.7
EPSS
4.1%
CVE-2020-4509 HIGH This Week

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.6
EPSS
1.5%
CVE-2020-4246 HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Security Identity Governance And Intelligence
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2020-2012 HIGH This Week

Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XXE Pan Os
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-11541 MEDIUM This Month

In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Snagit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-12719 HIGH This Week

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Manager Analytics Api Microgateway Enterprise Integrator +3
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2020-3256 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE Hosted Collaboration Mediation Fulfillment
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2020-12642 Maven HIGH PATCH This Week

An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Service Api
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-10683 Maven CRITICAL PATCH Act Now

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Dom4J Agile Plm Application Testing Suite Banking Platform +34
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2020-8479 CRITICAL Act Now

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb XXE 800Xa System Compact Hmi Control Builder Safe
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-11885 HIGH This Week

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE Enterprise Integrator
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2020-2178 Maven HIGH PATCH This Week

Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Parasoft Findings
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-6238 CRITICAL Act Now

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XXE Commerce Cloud
NVD
CVSS 3.1
9.3
EPSS
1.3%
CVE-2020-10629 HIGH This Week

WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Webaccess Nms
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-2172 Maven MEDIUM PATCH This Month

Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Jenkins Code Coverage Api
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-11586 CRITICAL POC Act Now

An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Cipace
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-10993 CRITICAL POC Act Now

Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Osmand
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-10992 CRITICAL POC Act Now

Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Azkaban
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-10991 CRITICAL POC Act Now

Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Aplkit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-10990 CRITICAL PATCH Act Now

An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Mercury
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-2171 Maven HIGH PATCH This Week

Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Rapiddeploy
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-10799 PyPI CRITICAL POC PATCH Act Now

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python XXE Svglib
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8540 CRITICAL Act Now

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SSRF XXE Manageengine Desktop Central
NVD
CVSS 3.1
9.8
EPSS
12.5%
CVE-2020-9044 CRITICAL Act Now

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Metasys Application And Data Server Metasys Extended Application And Data Server Metasys Lonworks Control Server Metasys Open Application Server +9
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-2144 Maven HIGH PATCH This Week

Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Rundeck
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-2138 Maven HIGH PATCH This Week

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Cobertura
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-9352 CRITICAL POC Act Now

An issue was discovered in SmartClient 12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Smartclient
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-1693 CRITICAL POC PATCH Act Now

A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Denial Of Service XXE Spacewalk
NVD GitHub
CVSS 3.1
9.8
EPSS
4.3%
CVE-2020-6187 MEDIUM This Month

SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP XXE Netweaver Guided Procedures
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-2120 Maven HIGH PATCH This Week

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Fitnesse
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-2115 Maven HIGH PATCH This Week

Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Nunit
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-6856 MEDIUM This Month

An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Jobscheduler
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-2108 Maven HIGH This Week

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins IBM XXE Websphere Deployer
NVD
CVSS 3.1
7.6
EPSS
0.9%
CVE-2020-2092 Maven HIGH PATCH This Week

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Robot Framework
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6958 CRITICAL POC Act Now

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Yet Another Java Service Wrapper
NVD GitHub
CVSS 3.1
9.1
EPSS
2.4%
CVE-2019-19032 HIGH POC This Week

XMLBlueprint through 16.191112 is affected by XML External Entity Injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Xmlblueprint
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
4.5%
CVE-2019-19031 HIGH POC This Week

Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Easy Xml Editor
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
5.2%
CVE-2019-19998 HIGH POC This Week

Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE PHP Xiunobbs
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-16549 Maven HIGH PATCH This Week

Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Jenkins Maven
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2019-19702 PyPI HIGH POC PATCH This Week

The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Denial Of Service Modoboa Dmarc
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-11216 MEDIUM POC This Month

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE File Upload Remedy Smart Reporting
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-17554 Maven MEDIUM POC PATCH THREAT This Month

The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Apache Deserialization Olingo
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
12.2%
CVE-2019-10080 Maven MEDIUM PATCH This Month

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Apache Nifi
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2019-17085 MEDIUM This Month

XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Operations Agent
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-10172 Maven HIGH This Week

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jackson Mapper Asl Jboss Enterprise Application Platform Jboss Fuse Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
17.0%
CVE-2019-14678 CRITICAL POC Act Now

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Denial Of Service SSRF Xml Mapper Base Sas
NVD GitHub
CVSS 3.1
10.0
EPSS
3.0%
CVE-2019-12331 PHP HIGH POC PATCH This Week

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Phpspreadsheet
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-8126 PHP MEDIUM PATCH This Month

An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Information Disclosure Adobe Magento
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2019-18227 HIGH This Week

Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Wise Paas Rmm
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2019-9757 HIGH POC THREAT This Week

An issue was discovered in LabKey Server 19.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Labkey Server
NVD GitHub
CVSS 3.1
7.5
EPSS
37.3%
CVE-2019-8087 HIGH This Week

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Adobe Experience Manager
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2019-8086 HIGH POC THREAT This Week

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Adobe Experience Manager
NVD
CVSS 3.1
7.5
EPSS
24.1%
CVE-2019-8082 HIGH This Week

Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Adobe Experience Manager
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-18213 HIGH POC PATCH This Week

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XXE SSRF Red Hat Xml Server Project Wild Web Developer +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-12415 Maven MEDIUM PATCH This Month

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Microsoft Apache Poi Application Testing Suite +25
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-10466 Maven HIGH This Week

An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SSRF Jenkins 360 Fireline
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2019-14276 MEDIUM PATCH This Month

WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Xnat
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-1060 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Microsoft RCE Windows 10 Windows 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
12.9%
CVE-2019-12711 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Denial Of Service Cisco Unified Communications Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-16188 HIGH PATCH This Week

HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

XXE Information Disclosure Appscan Source
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2019-9488 MEDIUM PATCH This Month

Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Trend Micro Deep Security Manager Vulnerability Protection
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2019-16174 HIGH PATCH This Week

An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Limesurvey
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2019-6179 HIGH This Week

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Microsoft VMware XXE +2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-13608 HIGH POC KEV THREAT This Week

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Citrix Storefront Server
NVD
CVSS 3.1
7.5
EPSS
30.3%
CVE-2019-15641 MEDIUM POC This Month

xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Webmin
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-15637 HIGH POC THREAT This Week

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Information Disclosure Tableau Server Tableau Desktop Tableau Reader +1
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
14.3%
CVE-2019-4513 HIGH This Week

IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Security Access Manager For Enterprise Single Sign On
NVD
CVSS 3.1
8.2
EPSS
2.8%
CVE-2019-14258 HIGH POC This Week

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Information Disclosure Zenoss
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-4424 HIGH This Week

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
8.2
EPSS
2.4%
CVE-2019-4340 HIGH This Week

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Security Guardium Big Data Intelligence
NVD
CVSS 3.1
8.2
EPSS
2.4%
CVE-2019-4433 HIGH This Week

IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Infosphere Global Name Management Infosphere Identity Insight
NVD
CVSS 3.1
8.2
EPSS
3.9%
CVE-2019-4419 HIGH This Week

IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Intelligent Operations Center Intelligent Operations Center For Emergency Management Water Operations For Waternamics
NVD
CVSS 3.1
8.2
EPSS
2.4%
CVE-2019-1187 MEDIUM PATCH This Month

A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Denial Of Service Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
3.1%
CVE-2019-1057 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Microsoft RCE Windows 10 Windows 7 +6
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2019-0340 MEDIUM This Month

The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE File Upload SAP Enable Now
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-14693 HIGH This Week

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Assetexplorer
NVD
CVSS 3.0
8.1
EPSS
4.2%
CVE-2019-13176 HIGH POC This Week

An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF 3Cx
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-4456 HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Daeja Viewone
NVD
CVSS 3.1
7.1
EPSS
1.9%
EPSS 64% CVSS 7.5
HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE One Firmware
NVD
EPSS 9% CVSS 7.5
HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE One Firmware
NVD
EPSS 1% CVSS 7.3
HIGH This Week

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE Sd Wan Firmware
NVD
EPSS 3% CVSS 8.2
HIGH This Week

IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Sterling External Authentication Server +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE I Net Clear Reports
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Qradar Security Information And Event Manager
NVD
EPSS 2% CVSS 3.3
LOW Monitor

Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell XXE Studio 5000 Logix Designer
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cpu Module Logging Configuration Tool Cw Configurator +18
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Tuxguitar
NVD
EPSS 2% CVSS 8.2
HIGH This Week

In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Webfocus Business Intelligence
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

OX App Suite through 7.10.3 allows XXE attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Open Xchange Appsuite
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Microgateway +1
NVD
EPSS 4% CVSS 7.7
HIGH PATCH This Week

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

PostgreSQL XXE Postgresql Jdbc Driver +4
NVD GitHub
EPSS 2% CVSS 7.6
HIGH This Week

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Qradar Security Information And Event Manager
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Security Identity Governance And Intelligence
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XXE Pan Os
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Snagit
NVD
EPSS 1% CVSS 7.2
HIGH This Week

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Manager Analytics +5
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE Hosted Collaboration Mediation Fulfillment
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Service Api
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Dom4J Agile Plm +36
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb XXE 800Xa System +2
NVD
EPSS 1% CVSS 7.2
HIGH This Week

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE Enterprise Integrator
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Parasoft Findings
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XXE Commerce Cloud
NVD
EPSS 1% CVSS 7.5
HIGH This Week

WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Webaccess Nms
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Jenkins Code Coverage Api
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Cipace
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Osmand
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Azkaban
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Aplkit
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Mercury
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Rapiddeploy
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python XXE Svglib
NVD GitHub
EPSS 12% CVSS 9.8
CRITICAL Act Now

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho SSRF XXE +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Metasys Application And Data Server Metasys Extended Application And Data Server +11
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Rundeck
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Cobertura
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in SmartClient 12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Smartclient
NVD
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Denial Of Service XXE +1
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM This Month

SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP XXE +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Fitnesse
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Nunit
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Jobscheduler
NVD
EPSS 1% CVSS 7.6
HIGH This Week

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins IBM XXE +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Robot Framework
NVD
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Yet Another Java Service Wrapper
NVD GitHub
EPSS 5% CVSS 8.1
HIGH POC This Week

XMLBlueprint through 16.191112 is affected by XML External Entity Injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Xmlblueprint
NVD Exploit-DB
EPSS 5% CVSS 8.1
HIGH POC This Week

Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Easy Xml Editor
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC This Week

Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE PHP Xiunobbs
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Jenkins Maven
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Denial Of Service Modoboa Dmarc
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE File Upload Remedy Smart Reporting
NVD
EPSS 12% CVSS 5.5
MEDIUM POC PATCH THREAT This Month

The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Apache Deserialization +1
NVD Exploit-DB
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Apache Nifi
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Operations Agent
NVD
EPSS 17% CVSS 7.5
HIGH This Week

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jackson Mapper Asl Jboss Enterprise Application Platform +3
NVD
EPSS 3% CVSS 10.0
CRITICAL POC Act Now

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Denial Of Service SSRF +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Phpspreadsheet
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Information Disclosure Adobe +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Wise Paas Rmm
NVD
EPSS 37% CVSS 7.5
HIGH POC THREAT This Week

An issue was discovered in LabKey Server 19.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Labkey Server
NVD GitHub
EPSS 4% CVSS 7.5
HIGH This Week

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Adobe +1
NVD
EPSS 24% CVSS 7.5
HIGH POC THREAT This Week

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Adobe +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Adobe +1
NVD
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XXE SSRF Red Hat +3
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Microsoft Apache +27
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SSRF Jenkins +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Xnat
NVD
EPSS 13% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Microsoft RCE +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Denial Of Service Cisco +1
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

XXE Information Disclosure Appscan Source
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Trend Micro Deep Security Manager +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Limesurvey
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenovo Microsoft +4
NVD
EPSS 30% CVSS 7.5
HIGH POC KEV THREAT This Week

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Citrix Storefront Server
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Webmin
NVD
EPSS 14% CVSS 8.1
HIGH POC THREAT This Week

Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Information Disclosure Tableau Server +3
NVD GitHub Exploit-DB
EPSS 3% CVSS 8.2
HIGH This Week

IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Security Access Manager For Enterprise Single Sign On
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Information Disclosure Zenoss
NVD
EPSS 2% CVSS 8.2
HIGH This Week

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Business Automation Workflow +1
NVD
EPSS 2% CVSS 8.2
HIGH This Week

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Security Guardium Big Data Intelligence
NVD
EPSS 4% CVSS 8.2
HIGH This Week

IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Infosphere Global Name Management +1
NVD
EPSS 2% CVSS 8.2
HIGH This Week

IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Intelligent Operations Center +2
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Denial Of Service Windows 10 +7
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Microsoft RCE +8
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE File Upload SAP +1
NVD
EPSS 4% CVSS 8.1
HIGH This Week

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Assetexplorer
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE SSRF 3Cx
NVD
EPSS 2% CVSS 7.1
HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Daeja Viewone
NVD
Prev Page 8 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy