Total
1156 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8082 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 7.5 High |
| Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2019-7847 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2024-11-21 | N/A |
| Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the current user. | ||||
| CVE-2019-7722 | 1 Pmd Project | 1 Pmd | 2024-11-21 | N/A |
| PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.) | ||||
| CVE-2019-7442 | 1 Cyberark | 1 Enterprise Password Vault | 2024-11-21 | N/A |
| An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system. | ||||
| CVE-2019-6194 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 5.7 Medium |
| An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. | ||||
| CVE-2019-6179 | 1 Lenovo | 2 Xclarity Administrator, Xclarity Integrator | 2024-11-21 | 7.5 High |
| An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure. | ||||
| CVE-2019-5918 | 1 Nablarch Project | 1 Nablarch | 2024-11-21 | N/A |
| Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | ||||
| CVE-2019-5748 | 1 Traccar | 1 Server | 2024-11-21 | N/A |
| In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks. | ||||
| CVE-2019-5312 | 1 Wxjava Project | 1 Wxjava | 2024-11-21 | N/A |
| An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CVE-2018-20318. | ||||
| CVE-2019-4730 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 7.1 High |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533. | ||||
| CVE-2019-4707 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | 7.1 High |
| IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018. | ||||
| CVE-2019-4513 | 1 Ibm | 1 Security Access Manager For Enterprise Single Sign-on | 2024-11-21 | 8.2 High |
| IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555. | ||||
| CVE-2019-4456 | 1 Ibm | 1 Daeja Viewone | 2024-11-21 | 7.1 High |
| IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 163620. | ||||
| CVE-2019-4433 | 1 Ibm | 2 Infosphere Global Name Management, Infosphere Identity Insight | 2024-11-21 | 8.2 High |
| IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162890. | ||||
| CVE-2019-4424 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 8.2 High |
| IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770. | ||||
| CVE-2019-4419 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-11-21 | 8.2 High |
| IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737. | ||||
| CVE-2019-4391 | 1 Hcltech | 1 Appscan | 2024-11-21 | 8.2 High |
| HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data | ||||
| CVE-2019-4340 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 8.2 High |
| IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419. | ||||
| CVE-2019-4208 | 1 Ibm | 1 Tririga Application Platform | 2024-11-21 | 7.1 High |
| IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129. | ||||
| CVE-2019-4062 | 1 Ibm | 1 I2 Intelligent Analysis Platform | 2024-11-21 | 7.1 High |
| IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007. | ||||