Total
1035 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1666 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 133540. | |||||
| CVE-2017-1527 | 1 Ibm | 1 Business Process Manager | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156. | |||||
| CVE-2017-1477 | 1 Ibm | 1 Security Access Manager 9.0 Firmware | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612. | |||||
| CVE-2017-1458 | 1 Ibm | 1 Qradar Network Security | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377. | |||||
| CVE-2017-1383 | 1 Ibm | 2 Infosphere Information Server, Softlayer | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155. | |||||
| CVE-2017-1322 | 1 Ibm | 1 Api Connect | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918. | |||||
| CVE-2017-1289 | 1 Ibm | 1 Sdk | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150. | |||||
| CVE-2017-1254 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634. | |||||
| CVE-2017-1219 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859. | |||||
| CVE-2017-1192 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 123663. | |||||
| CVE-2017-1149 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202. | |||||
| CVE-2017-1103 | 1 Ibm | 2 Rational Quality Manager, Rational Team Concert | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665. | |||||
| CVE-2017-18438 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). | |||||
| CVE-2017-18197 | 1 Jgraph | 1 Mxgraph | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView. | |||||
| CVE-2017-18111 | 1 Atlassian | 1 Application Links | 2024-11-21 | 5.5 MEDIUM | 8.7 HIGH |
| The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability. | |||||
| CVE-2017-18110 | 1 Atlassian | 1 Crowd | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability. | |||||
| CVE-2017-17762 | 1 Episerver | 1 Episerver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx. | |||||
| CVE-2017-16349 | 1 Sap | 1 Business Planning And Consolidation | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability. | |||||
| CVE-2017-15725 | 1 Devada | 1 Dzone Answerhub | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An XML External Entity Injection vulnerability exists in Dzone AnswerHub. | |||||
| CVE-2017-15691 | 1 Apache | 4 Uima-as, Uimaducc, Uimafit and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content. | |||||