PT-2023-12701 · IBM · IBM Tivoli Workload Scheduler
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Workload Scheduler versions 9.4 through 10.1 Description: The issue is related to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume...
Ubuntu: Security Advisory (USN-4774-1)
The remote host is missing an update for the...
PT-2023-19601 · Jenkins · Jenkins MSTest Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins MSTest Plugin version 1.0.0 and earlier Description: The issue is related to the configuration of the XML parser, which does not prevent XML external entity (XXE) attacks. Recommendations: For Jenkins MSTest Plugin version 1.0.0 and...
CVE-2023-24430
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
PT-2023-18594 · Zoho · Zoho Manageengine Exchange Reporter Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Exchange Reporter Plus versions prior to 5708 Description: The issue allows attackers to conduct XXE (XML External Entity) attacks. This type of attack occurs when an application parses XML input that contains malicious extern...
The vulnerability of the dynamic data management framework Apache Calcite, related to incorrect restrictions on XML links to external objects, allows attackers to perform XXE attacks.
The vulnerability of the Apache Calcite dynamic data management framework is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks using specially crafted XML code...
CVE-2022-40771
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure...
CVE-2022-40771
CVE-2022-40771 affects Zoho ManageEngine ServiceDesk Plus versions 13010 and earlier. The vulnerability is an XML External Entity (XXE) issue in the Analytics Plus integration that can lead to information disclosure. The CVSS v3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N with a base score of...
Information Disclosure
pki-core is vulnerable to Information Disclosure. An attacker is able to retrieve the content of arbitrary files by sending specially crafted HTTP requests that cause XML external entity (XXE) attacks...
PT-2022-27498 · Jenkins · Jenkins SourceMonitor Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SourceMonitor Plugin versions 0.2 and earlier Description: The issue allows attackers to control XML input files for the 'Publish SourceMonitor results' post-build step, enabling them to have agent processes parse a crafted file that...
CVE-2022-45386
Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-45395
Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Bruhn NewTech CBRN-Analysis Code Issue Vulnerability
Bruhn NewTech CBRN-Analysis is an advanced, off-the-shelf CBRN defense knowledge management software application from Bruhn NewTech. It provides knowledge management, hazard prediction, and warning and reporting (W&R) capabilities to support operational planning and execution. A security...
Trellix IPS Manager Code Issue Vulnerability
Trellix IPS Manager is a next-generation IPS for local and virtual networks from the American company FireEye Trellix. A security vulnerability exists in Trellix IPS Manager versions prior to 10.1 M8, which stems from the ability to import a saved XML configuration file through an external entity attack by a...
PT-2022-25741 · Jenkins · Jenkins Compuware Common Configuration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Common Configuration Plugin versions 1.0.14 and earlier Description: The issue is related to the XML parser not being configured to prevent XML external entity (XXE) attacks. This allows attackers who can change the contents o...
The vulnerability of the DOMDeserializer component in the FasterXML jackson-databind library allows attackers to execute XXE attacks.
The vulnerability of the DOMDeserializer component in the FasterXML jackson-databind library is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a remote attacker to perform XXE attacks...
PT-2022-23616 · IBM · IBM Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 11.2.1 Description: The issue is related to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume...
CVE-2022-36773
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571...
CVE-2022-22489
IBM MQ 8.0, 9.0, 9.1, 9.2 LTS, and 9.1 and 9.2 CD are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339...
CVE-2022-2458
XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML...