Vulnerabilities (CVE)

CWE filter

CWE-611

Filter

413 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1060 1 Microsoft 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more 2019-10-11 9.3
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
CVE-2016-7051 1 Fasterxml 2 Jackson, Jackson-dataformat-xml 2019-10-10 5.0
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
CVE-2019-14277 1 Axway 1 Securetransport 2019-10-10 7.5
** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can...
CVE-2019-6179 1 Lenovo 1 Xclarity Administrator 2019-10-09 5.0
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity...
CVE-2019-4513 1 Ibm 1 Security Access Manager For Enterprise Single Sign-on 2019-10-09 6.4
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume...
CVE-2019-4456 1 Ibm 1 Daeja Viewone 2019-10-09 5.5
IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or...
CVE-2019-4433 1 Ibm 2 Infosphere Global Name Management, Infosphere Identity Insight 2019-10-09 6.4
IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to...
CVE-2019-4424 1 Ibm 2 Business Automation Workflow, Business Process Manager 2019-10-09 6.4
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive...
CVE-2019-4419 1 Ibm 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics 2019-10-09 6.4
IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory...
CVE-2019-4340 1 Ibm 1 Security Guardium Big Data Intelligence 2019-10-09 6.4
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory...
CVE-2019-4208 1 Ibm 1 Tririga Application Platform 2019-10-09 5.5
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory...
CVE-2019-4062 1 Ibm 1 I2 Intelligent Analysis Platform 2019-10-09 5.5
IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory...
CVE-2019-4043 1 Ibm 1 Sterling B2b Integrator 2019-10-09 5.5
IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume...
CVE-2019-3774 1 Pivotal Software 1 Spring Batch 2019-10-09 7.5
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
CVE-2019-3773 1 Pivotal Software 1 Spring Web Services 2019-10-09 7.5
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
CVE-2019-3772 2 Pivotal Software, Oracle 2 Spring Integration, Retail Customer Management And Segmentation Foundation 2019-10-09 7.5
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
CVE-2019-3722 1 Dell 1 Emc Openmanage Server Administrator 2019-10-09 5.0
Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read...
CVE-2019-1903 1 Cisco 1 Security Manager 2019-10-09 6.4
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker...
CVE-2019-1698 2019-10-09 4.0
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The...
CVE-2019-15637 2019-10-09 5.5
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.