CWE:
 

Topic
Date
Author
Med.
OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure
02.07.2018
Secator
High
Agorum Core Pro 7.8.1.4-251 XXE Injection
14.04.2017
Dr. Erlijn van Genucht...
High
USB Pratirodh XXE Injection
17.03.2017
Sachin Wagh
High
SAP NetWeaver 7.4 XXE Injection
24.11.2015
Roman Bezhan
High
Oracle E-Business Suite 12.1.3 XXE Injection
30.10.2015
erpscan
High
SAP Mobile Platform 3 XXE Injection
10.09.2015
Vahagn Vardanyan
High
Qlikview 11.20 SR4 Blind XXE Injection
09.09.2015
Alex Haynes
High
SAP NetWeaver Portal XMLValidationComponent XXE
25.06.2015
Vahagn Vardanyan
Med.
JobScheduler XML eXternal Entity Injection
09.09.2014
Christian Schneider


CVEMAP Search Results

CVE
Details
Description
2018-06-13
Medium
CVE-2018-5434

Vendor: Tibco
Software: Runtime agent
 

 
The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1.

 
Medium
CVE-2018-5433

Vendor: Tibco
Software: Administrator
 

 
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1.

 
2018-06-11
Medium
CVE-2017-3208

Vendor: Themidnightcoders
Software: Weborb for java
 

 
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery.

 
Medium
CVE-2017-3206

Vendor: Exadel
Software: Flamingo
 

 
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery.

 
2018-06-07
Low
CVE-2018-6670

Updating...
 

 
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.

 
2018-06-06
Medium
CVE-2018-1456

Vendor: IBM
Software: Rational rha...
 

 
IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 140091.

 
2018-06-05
Low
CVE-2018-1000198

Vendor: Jenkins
Software: Black duck hub
 

 
A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document.

 
2018-06-04
Medium
CVE-2018-10613

Vendor: GE
Software: Mds pulsenet
 

 
Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.

 
2018-05-23
Medium
CVE-2018-1309

Vendor: Apache
Software: NIFI
 

 
Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

 
Medium
CVE-2018-10653

Vendor: Citrix
Software: Xenmobile server
 

 
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top