99 matches found
Xxe
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations...
CVE-2019-18943 XML External Entity processing
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations...
Micro Focus Solutions Business Manager Code Issue Vulnerability
Micro Focus Solutions Business Manager (SBM, Serena Business Manager) is a suite of business process automation management solutions from Micro Focus UK. The product is mainly used for process automation, including software development lifecycle and IT business process management. A security...
CVE-2020-27017
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to...
CVE-2020-27017
Trend Micro IMSVA 9.1 is affected by an XML External Entity Processing (XXE) vulnerability (CVE-2020-27017). An authenticated administrator/root can read arbitrary local files. Root cause involves XML data handling in IMSVA’s Java components. Impact is partial confidentiality (per CVSS) with no i...
Veeam ONE XML External Entity Processing vulnerabilities
Challenge: XML External Entity Processing vulnerabilities in Veeam ONE Reporter make it possible to read arbitrary files without authentication. Severity: critical. CVSS v3 score: 7.5. Cause: Veeam ONE Reporter uses XML files for importing and exporting report templates. A remote attacker may send...
Xxe
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure...
Advantech WISE-PaaS/RMM AccountMgmt activateAccount XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AccountMgmt class. Due to the improper restriction of XML External...
CVE-2019-12415
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing...
CVE-2019-16188
HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the conte...
jenkins-plugin-token-macro: XML External Entity processing the ${XML} macro
An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...
CVE-2018-11788
A flaw was found in the Apache Karaf XMLInputFactory, where it does not prevent External Entity Processing (XXE). This is a potential security risk as an attacker could inject external XML entities to access sensitive information or conduct further attacks...
CVE-2018-13416
In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user...
Security Bulletin: XML External Entity Processing in Castor might affect WebSphere Lombardi Edition (CVE-2014-3004)
Summary: An XML External Entity Processing vulnerability has been reported for the Castor open source library that is used in WebSphere Lombardi Edition (WLE). Vulnerability Details: CVE-ID: CVE-2014-3004. Description: Castor Library could allow a remote attacker to obtain sensitive information, cause...
Security Bulletin: XML External Entity Processing in Castor might affect IBM Business Process Manager (CVE-2014-3004)
Summary: An XML External Entity Processing vulnerability has been reported for the Castor open source library that is used in IBM Business Process Manager (BPM). Vulnerability Details: CVE-ID: CVE-2014-3004. Description: Castor Library could allow a remote attacker to obtain sensitive information,...
CVE-2018-1000198
An XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML external entities in an XML document...
CVE-2018-10653
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3...
Xxe
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3...
CVE-2017-6323
The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0POSTHF6, and ITMS 7.6POSTHF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service,...
CVE-2017-7426
The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks...