CWE:
 

Risk | Topic | Date | Author
High | SAP JAVA NetWeaver System Connections XML Injection | 23.10.2021 | Pablo Artuso
Med. | OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure | 02.07.2018 | Secator
High | Agorum Core Pro 7.8.1.4-251 XXE Injection | 14.04.2017 | Dr. Erlijn van Genucht...
High | USB Pratirodh XXE Injection | 17.03.2017 | Sachin Wagh
High | SAP NetWeaver 7.4 XXE Injection | 24.11.2015 | Roman Bezhan
High | Oracle E-Business Suite 12.1.3 XXE Injection | 30.10.2015 | erpscan
High | SAP Mobile Platform 3 XXE Injection | 10.09.2015 | Vahagn Vardanyan
High | Qlikview 11.20 SR4 Blind XXE Injection | 09.09.2015 | Alex Haynes
High | SAP NetWeaver Portal XMLValidationComponent XXE | 25.06.2015 | Vahagn Vardanyan
Med. | JobScheduler XML eXternal Entity Injection | 09.09.2014 | Christian Schneider


CVEMAP Search Results

CVE | Details | Description

2022-08-05 | Waiting for details | CVE-2022-1704
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to an XXE attack while restoring the backup.

2022-07-12 | Medium | CVE-2022-35168
Vendor: SAP | Software: Business one
Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative.

2022-07-07 | Medium | CVE-2021-41042
Vendor: Eclipse | Software: LYO
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved.

2022-06-30 | Medium | CVE-2022-34793
Vendor: Jenkins | Software: Recipe
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

2022-06-21 | Medium | CVE-2021-40510
Vendor: Obdasystems | Software: Mastro

2022-06-14 | Low | CVE-2022-32285
Vendor: Mendix | Software: SAML
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitation. This may allow an attacker to disclose confidential data under certain circumstances.

2022-05-20 | Medium | CVE-2022-29801
Vendor: Siemens | Software: Teamcenter
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains an XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

2022-05-17 | Medium | CVE-2022-30971
Vendor: Jenkins | Software: Storable configs
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

2022-05-05 | Medium | CVE-2022-28890
Vendor: Apache | Software: JENA
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.

2022-05-04 | Low | CVE-2022-20780
Vendor: Cisco | Software: Enterprise n...
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.
 

 


Copyright 2022, cxsecurity.com

 
