IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie
project, allowing an attacker to inject malicious XML entities. This
vulnerability occurs due to insecure parsing of XML input u
A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS.
An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restri
IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expos
This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server.
This XXE (XML External Entity Injection) vulnerability, with a
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could
cause information disclosure, impacts workstation integrity and potential remote code execution on the
co
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensi
An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea 2022.12, 2022.13, and 2022.14 allows attackers to perform arbitrary file reading under the privileges of the running process
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker cont
An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted eve
IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML extern
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user
A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" o
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remot
We found a vulnerability Improper Restriction of XML External Entity Reference (CWE-611) in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling