99 matches found
Ivanti Avalanche decodeToMap XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decodeToMap method. Due to the improper restriction of XML External Entity...
CVE-2023-32567
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236...
CVE-2023-32567
Ivanti Avalanche contains an XXE-related vulnerability in the decodeToMap XML processing, enabling potential information disclosure in affected installations. The issue stems from improper handling of XML External Entity references within the decodeToMap method. Public advisories (ZDI-23-1167) de...
VBASE VISAM Automation Base FB File Parsing XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
VBASE VISAM Automation Base VBASE-Editor GestureConfigurations File Parsing XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
PT-2023-14017 · Visam · Visam Vbase Automation Base
Name of the Vulnerable Software and Affected Versions: VISAM VBASE Automation Base versions prior to 11.7.5. Description: The issue may disclose information if a valid user opens a specially crafted file. This is related to XML External Entity Processing in the FB.XML file parsing. Recommendations...
Microsoft Exchange RecipientProvisioningDefinition External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the RecipientProvisioningDefinition class. Due to the improper restriction of XML...
CVE-2022-38419 Adobe ColdFusion Solr Service XML External Entity Processing Arbitrary file system read
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction...
Security Bulletin: Improper Restriction of XML External Entity Reference in liquibase prior to 4.8.0 Affects IBM Partner Engagement Manager (CVE-2022-0839)
Summary: IBM Sterling Partner Engagement Manager uses Liquibase that is vulnerable to XML external entity processing, caused by improper validation of user-supplied input by the XMLChangeLogSAXParser function. A remote attacker could exploit this vulnerability to input a malicious XML reference to...
CVE-2022-37189
DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input...
CVE-2022-2838
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests...
XXE vulnerability in Jenkins Job Import Plugin
An XML external entity (XXE) processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server Jenkins queried in preparation of job import to rea...
(0Day) Delta Industrial Automation DRAS DSCP Scope File Parsing XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DRAS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Schneider Electric SCADAPack Workbench isasln File Parsing XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric SCADAPack Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SUSE: Security Advisory (SUSE-SU-2018:2899-1)
The remote host is missing an update for the...
Jenkins pom2config XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Jenkins pom2config. Authentication is required to exploit this vulnerability. The specific flaw exists within the Pom2Config class. Due to the improper restriction of XML External Entity (XXE)...
Micro Focus Solutions Business Manager Code Issue Vulnerability
Micro Focus Solutions Business Manager (SBM, Serena Business Manager) is a suite of business process automation management solutions from Micro Focus UK. The product is mainly used for process automation, including software development lifecycle and IT business process management. A security...
CVE-2019-18943
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations...