Total
1111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4424 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770. | |||||
| CVE-2019-4419 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737. | |||||
| CVE-2019-4391 | 1 Hcltech | 1 Appscan | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data | |||||
| CVE-2019-4340 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419. | |||||
| CVE-2019-4208 | 1 Ibm | 1 Tririga Application Platform | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129. | |||||
| CVE-2019-4062 | 1 Ibm | 1 I2 Intelligent Analysis Platform | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007. | |||||
| CVE-2019-4043 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 156239. | |||||
| CVE-2019-3774 | 1 Pivotal Software | 1 Spring Batch | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | |||||
| CVE-2019-3773 | 2 Oracle, Pivotal Software | 3 Financial Services Analytical Applications Infrastructure, Flexcube Private Banking, Spring Web Services | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | |||||
| CVE-2019-3772 | 2 Oracle, Vmware | 2 Retail Customer Management And Segmentation Foundation, Spring Integration | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | |||||
| CVE-2019-3768 | 1 Emc | 1 Rsa Authentication Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying specially crafted XML message. | |||||
| CVE-2019-3752 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request. | |||||
| CVE-2019-3722 | 1 Dell | 1 Emc Openmanage Server Administrator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request. | |||||
| CVE-2019-3481 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | 7.5 HIGH | 7.1 HIGH |
| Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. | |||||
| CVE-2019-2861 | 1 Oracle | 1 Hyperion Planning | 2024-11-21 | 2.1 LOW | 4.2 MEDIUM |
| Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Planning accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). | |||||
| CVE-2019-20627 | 1 Rbsoft | 1 Autoupdater.net | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. | |||||
| CVE-2019-20191 | 1 Sync | 3 Oxygen Xml Author, Oxygen Xml Developer, Oxygen Xml Editor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Oxygen XML Editor 21.1.1 allows XXE to read any file. | |||||
| CVE-2019-20153 | 1 Determine | 1 Contract Lifecycle Management | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote attackers to read arbitrary files (including configuration files containing administrative credentials). | |||||
| CVE-2019-1903 | 1 Cisco | 1 Security Manager | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to a targeted system that contain references within XML entities. An exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition. | |||||
| CVE-2019-1698 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the affected application. Versions prior to 4.4(0.26) are affected. | |||||