Lucene search

2720 matches found

RedhatCVE
added 2022/07/18 8:43 a.m. · 41 views

CVE-2022-2458

An XML external entity injection (XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. T...

8.2 CVSS · 2.8 AI score · 0.00669 EPSS
Exploits 0 · References 3
IBM Security Bulletins
added 2022/07/15 3:51 p.m. · 35 views

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to a denial server due to its use of Apache Xerces2 (CVE-2022-23437)

Summary: Apache Xerces2 is used by several components in IBM Cloud Pak for Multicloud Management Monitoring to process internal configuration files. This vulnerability is limited to a malicious insider who can find and manipulate these files. Vulnerability Details: CVEID: CVE-2022-23437 DESCRIPTION...

7.1 CVSS · 0.7 AI score · 0.0444 EPSS
Exploits 0 · Affected Software 1
OSV
added 2022/07/01 12:1 a.m. · 22 views

GHSA-RM23-6MWV-8Q9Q XML External Entity Reference in Jenkins Recipe Plugin

Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

7.1 CVSS · 8.7 AI score · 0.00797 EPSS
Exploits 0 · References 3
OSV
added 2022/06/30 6:15 p.m. · 3 views

CVE-2022-34793

Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

8.8 CVSS · 5.8 AI score · 0.00797 EPSS
Exploits 0 · References 1
NVD
added 2022/06/30 6:15 p.m. · 25 views

CVE-2022-34793

Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

8.8 CVSS · 0.00797 EPSS
Exploits 0 · References 1
Cvelist
added 2022/06/30 5:47 p.m. · 33 views

CVE-2022-34793

Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

8.9 AI score · 0.00797 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/06/30 12:0 a.m. · 3 views

PT-2022-22345 · Jenkins · Jenkins Recipe Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Recipe Plugin versions 1.2 and earlier Description: The issue is related to the configuration of the XML parser, which does not prevent XML external entity (XXE) attacks. This allows for potential exploitation. Recommendations: For...

8.8 CVSS · 8.4 AI score · 0.00797 EPSS
Exploits 0 · References 5
IBM Security Bulletins
added 2022/06/13 5:15 p.m. · 31 views

Security Bulletin: IBM Sterling Control Center is vulnerable to a denial of service vulnerability due to Apache Xerces2 Java XML Parser (CVE-2022-23437)

Summary: Apache Xerces2 Java XML Parser is used by IBM Sterling Control Center. A denial of service vulnerability in Apache Xerces2 Java XML Parser has been addressed. Vulnerability Details: CVEID: CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caus...

7.1 CVSS · 1.1 AI score · 0.0444 EPSS
Exploits 0 · Affected Software 1
Veracode
added 2022/06/01 7:9 a.m. · 79 views

XML External Entity (XXE)

xmlbeans is vulnerable to XML External Entity attacks. The vulnerability exists due to the lack of sanitization of XML input containing a reference to an external entity which is processed by a weakly configured XML parser allowing an attacker to exhaust the system resource via recursive external...

9.1 CVSS · 8.6 AI score · 0.06266 EPSS
Exploits 0 · References 12 · Affected Software 1
Tenable Nessus
added 2022/05/26 12:0 a.m. · 36 views

EulerOS 2.0 SP3 : xerces-j2 (EulerOS-SA-2022-1772)

According to the versions of the xerces-j2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, t...

7.1 CVSS · 7.3 AI score · 0.0444 EPSS
Exploits 0 · References 2
OpenVAS
added 2022/05/25 12:0 a.m. · 17 views

Huawei EulerOS: Security Advisory for xerces-j2 (EulerOS-SA-2022-1772)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.1 CVSS · 7.2 AI score · 0.0444 EPSS
Exploits 0 · References 2
OSV
added 2022/05/24 7:20 p.m. · 16 views

GHSA-PPV9-V43C-XQPP XXE vulnerability in Jenkins pom2config Plugin

Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins...

6.5 CVSS · 6.3 AI score · 0.02366 EPSS
Exploits 0 · References 5
Github Security Blog
added 2022/05/24 7:20 p.m. · 21 views

XXE vulnerability in Jenkins pom2config Plugin

Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins...

6.5 CVSS · 6.2 AI score · 0.02366 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/24 7:20 p.m. · 16 views

GHSA-HR8P-76Q8-FXWQ XXE vulnerability in Jenkins Performance Plugin

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control workspace contents to have Jenkins parse a crafted XML report file that uses external entities for extraction of secrets from the Jenkins...

6.5 CVSS · 6.3 AI score · 0.01671 EPSS
Exploits 0 · References 5
Github Security Blog
added 2022/05/24 7:20 p.m. · 17 views

XXE vulnerability in Jenkins Performance Plugin

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control workspace contents to have Jenkins parse a crafted XML report file that uses external entities for extraction of secrets from the Jenkins...

6.5 CVSS · 6.2 AI score · 0.01671 EPSS
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2022/05/24 7:20 p.m. · 19 views

XXE vulnerability in Jenkins OWASP Dependency-Check Plugin

Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control workspace contents to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the...

7.1 CVSS · 6.6 AI score · 0.00979 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/24 7:5 p.m. · 18 views

GHSA-732F-W585-GMPC XXE vulnerability in Jenkins Generic Webhook Trigger Plugin

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with the ability to call webhooks configured to extract parameters using XPath to have Jenkins parse a crafted XML request body that uses...

9.8 CVSS · 9.4 AI score · 0.25746 EPSS
Exploits 0 · References 6
OSV
added 2022/05/24 7:3 p.m. · 21 views

GHSA-P674-HH8X-RV5H XML external entity vulnerability in Jenkins Nuget Plugin

Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This XML parser is used for the "Build on NuGet updates" feature. This allows attackers with the ability to control the contents of the packages.config file in a workspace to have...

9.1 CVSS · 9 AI score · 0.01536 EPSS
Exploits 0 · References 6
OSV
added 2022/05/24 7:3 p.m. · 16 views

GHSA-CPHV-7CXW-5HCC XXE vulnerability in Jenkins Filesystem Trigger Plugin

Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Job/Configure permission or otherwise able to control the contents of an XML file being polled for changes to have Jenkins parse a crafted XM...

8.8 CVSS · 8.5 AI score · 0.01596 EPSS
Exploits 0 · References 4
Github Security Blog
added 2022/05/24 7:3 p.m. · 29 views

XXE vulnerability in Jenkins URLTrigger Plugin

Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Job/Configure permission or otherwise able to control the contents of an URL to an XML document being examined for changes to have Jenkins parse a...

8.1 CVSS · 7.6 AI score · 0.66774 EPSS
Exploits 0 · References 4 · Affected Software 1