Total: 8 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23926 | 4 Apache, Debian, Netapp and 1 more | 6 Xmlbeans, Debian Linux, Oncommand Unified Manager Core Package and 3 more | 2022-07-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0. | |||||
| CVE-2020-24052 | 1 Moog | 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request. | |||||
| CVE-2020-24589 | 1 Wso2 | 2 Api Manager, Api Microgateway | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. | |||||
| CVE-2020-4377 | 1 Ibm | 1 Cognos Analytics | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156. | |||||
| CVE-2020-9352 | 1 Smartclient | 1 Smartclient | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. | |||||
| CVE-2020-24590 | 1 Wso2 | 2 Api Manager, Api Microgateway | 2020-08-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. | |||||
| CVE-2014-2228 | 1 Talend | 1 Restlet | 2020-03-06 | 7.5 HIGH | 9.8 CRITICAL |
| The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. | |||||
| CVE-2013-4335 | 1 Openpne | 1 Opopensocialplugin | 2020-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities | |||||
