Przykłady dla CWE-611: Information Exposure Through XML External Entity Reference

	Tytuł	Data	Autor
High	SAP JAVA NetWeaver System Connections XML Injection	23.10.2021	Pablo Artuso
Med.	OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure	02.07.2018	Secator
High	Agorum Core Pro 7.8.1.4-251 XXE Injection	14.04.2017	Dr. Erlijn van Genucht...
High	USB Pratirodh XXE Injection	17.03.2017	Sachin Wagh
High	SAP NetWeaver 7.4 XXE Injection	24.11.2015	Roman Bezhan
High	Oracle E-Business Suite 12.1.3 XXE Injection	30.10.2015	erpscan
High	SAP Mobile Platform 3 XXE Injection	10.09.2015	Vahagn Vardanyan
High	Qlikview 11.20 SR4 Blind XXE Injection	09.09.2015	Alex Haynes
High	SAP NetWeaver Portal XMLValidationComponent XXE	25.06.2015	Vahagn Vardanyan
Med.	JobScheduler XML eXternal Entity Injection	09.09.2014	Christian Schneider

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2022-05-05

Medium

CVE-2022-28890

Vendor: Apache
Software: JENA

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.

2022-05-04

Low

CVE-2022-20780

Vendor: Cisco
Software: Enterprise n...

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.

2022-05-03

Low	CVE-2022-1331	Vendor: Deltaww Software: Dmars	In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure.
High	CVE-2022-21949	Vendor: Opensuse Software: Open build s...	A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13.

2022-04-21

Medium

CVE-2022-0272

Vendor: Detekt
Software: Detekt

Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0.

2022-04-20

Low

CVE-2021-43990

Vendor: Fanuc
Software: Roboguide

The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call.

2022-04-13

Low

CVE-2022-0221

Vendor: Schneider-electric
Software: Scadapack wo...

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior)

2022-04-05

Medium

CVE-2022-28219

Vendor: Zohocorp
Software: Manageengine...

Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.

2022-03-30

Medium	CVE-2021-33208	Vendor: Softwareag Software: Mashzone nextgen	The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.
Medium	CVE-2021-43142	Vendor: Jox project Software: JOX	An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSAXBeanInput.

23.10.2021

02.07.2018

14.04.2017

17.03.2017

24.11.2015

30.10.2015

10.09.2015

09.09.2015

25.06.2015

09.09.2014