Total
1111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4643 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590. | |||||
| CVE-2020-4606 | 2 Ibm, Microsoft | 2 Security Verify Privilege Manager, Windows | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 184883. | |||||
| CVE-2020-4510 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 5.5 MEDIUM | 5.5 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182365. | |||||
| CVE-2020-4509 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.5 MEDIUM | 7.6 HIGH |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364. | |||||
| CVE-2020-4481 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848. | |||||
| CVE-2020-4463 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484. | |||||
| CVE-2020-4462 | 1 Ibm | 2 Sterling External Authentication Server, Sterling Secure Proxy | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482. | |||||
| CVE-2020-4377 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156. | |||||
| CVE-2020-4300 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607. | |||||
| CVE-2020-4246 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 175481. | |||||
| CVE-2020-3405 | 1 Cisco | 1 Sd-wan Firmware | 2024-11-21 | 4.9 MEDIUM | 7.3 HIGH |
| A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application. | |||||
| CVE-2020-3256 | 1 Cisco | 1 Hosted Collaboration Mediation Fulfillment | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the Cisco HCM-F Software. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by sending malicious requests that contain references in XML entities to an affected system. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information. | |||||
| CVE-2020-36640 | 1 Bonitasoft | 1 Webservice Connector | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.1 is able to address this issue. The patch is named a12ad691c05af19e9061d7949b6b828ce48815d5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217443. | |||||
| CVE-2020-36124 | 1 Paxtechnology | 1 Paxstore | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to manipulate the access tokens to access the platform as any desired user (clients and administrators). | |||||
| CVE-2020-35604 | 1 Kronos | 1 Web Time And Attendance | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. | |||||
| CVE-2020-35123 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17. | |||||
| CVE-2020-2324 | 1 Jenkins | 1 Cvs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2284 | 1 Jenkins | 1 Liquibase Runner | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2247 | 1 Jenkins | 1 Klocwork Analysis | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2245 | 1 Jenkins | 1 Valgrind | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||