Adobe Experience Manager - XML External Entity Injection
Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2019-8086 info: name: Adobe...
CVE-2025-6438
Schneider Electric EcoStruxure IT Data Center Expert (prior to 9.0; affected versions 8.3 and earlier) is affected by CVE-2025-6438: XML External Entity (XXE) injection via the DataExchange SOAP route, enabling unauthenticated or low-privilege exploitation to read local files and potentially caus...
CVE-2024-12298
We found a vulnerability Improper Restriction of XML External Entity Reference CWE-611 in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a computer...
CVE-2025-4639
CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0...
CVE-2025-4639 Improper Restriction of XML External Entity Reference in Peergos
CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0...
Security Bulletin: XML External Entity Injection attack in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-22354).
Summary IBM Storage Protect Operations Center may be affected by loss of confidentiality, availability and integrity of host system caused by XML External Entity Injection XXE attack in IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere...
Security Bulletin: IBM Master Data Management is vulnerable to an XML injection for an XXE attack due to vulnerability found in IBM WebSphere Application Server (CVE-2024-45086)
Summary IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to an XML injection attack due to vulnerability found in IBM WebSphere Application Server.: IBM Master Data Management is vulnerable to an XML injection attack due to vulnerability found in IBM WebSphere Application Serve...
CVE-2024-12298 Vulnerability Report on Improper Restriction of XML External Entity Reference in NB-Designer
We found a vulnerability Improper Restriction of XML External Entity Reference CWE-611 in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a computer...
Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Insights is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
Summary IBM Engineering Lifecycle Optimization - Engineering Insights ENI is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. In XML parsers, when XML...
Security Bulletin: IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)
Summary IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Vulnerability Details CVEID:CVE-2024-45086 DESCRIPTION: IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when...
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
Summary XSLT parsing performed by various components is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used within a host where external...
Security Bulletin: IBM Operations Analytics - Log Analysis is vulnerable to an XML External Entity Injection (XXE) vulnerability
Summary There is a potential XML External Entity Injection XXE vulnerability with reload4j library that is used in IBM Operations Analytics - Log Analysis. This has been addressed. Vulnerability Details IBM X-Force ID: 294027 DESCRIPTION: QOS.CH reload4j allow a remote attacker to obtain sensitiv...
Security Bulletin: IBM B2B Advanced Communications is vulnerable to issues due to Data Mapper for Jackson
Summary IBM B2B Advanced Communications has addressed vulnerabilities in Data Mapper for Jackson shipped with product. Vulnerability Details CVEID:CVE-2019-10172 DESCRIPTION: Jackson-mapper-asl could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE err...
Journyx 11.5.4 XML Injection
KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection Title: Journyx Unauthenticated XML External Entities Injection Advisory ID: KL-001-2024-010 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt 1. Vulnerability Detail...
Journyx 11.5.4 XML Injection Vulnerability
Journyx version 11.5.4 has an issue where the soapcgi.pyc API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. Title:...
JVN#77736613: Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System"
"Electronic Delivery Check System" and "Electronic delivery item Inspection Support System" provided by Ministry of Land, Infrastructure, Transport and Tourism, Japan improperly restricts XML external entity references XXE CWE-611. Impact Processing a specially crafted XML file may lead to exposu...
JVN#40049211: Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense
Electronic Deliverables Creation Support Tool provided by Ministry of Defense improperly restricts XML external entity references XXE CWE-611. Impact Processing a specially crafted XML file may lead to exposure of internal files on the system. Solution Update the Software Update the software to t...
Eclipse IDE XXE in eclipse.platform
Impact XML files like ".project" are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file, for example to review a foreign repository or patch. Vulnerability was found by static code analysis SonarLint...
JVN#14762986: Improper restriction of XML external entity references (XXE) in e-Tax software
e-Tax software provided by National Tax Agency improperly restricts XML external entity references XXE CWE-611 due to the configuration of the embedded XML parser. Impact Processing a specially crafted XML file may lead to exposure of internal files on the system. Solution Update the Software...
JVN#37857022: Improper restriction of XML external entity references (XXE) in Applicant Programme
Applicant Programme provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. Solution Update the Software Update the software to the latest...