CVE Vulnerability


CWE-611

CVE-2022-37189

February 23, 2023 by godfreyd94

DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe ‘xml.etree’ library to parse untrusted XML input.

CVE-2022-36773

February 23, 2023 by godfreyd94

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.

CVE-2022-35741

February 23, 2023 by godfreyd94

Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default, and the attacker would require that this plugin be enabled to exploit the vulnerability. When the SAML 2.0 plugin is enabled, affected versions of Apache CloudStack could potentially allow the exploitation of XXE vulnerabilities. The SAML 2.0 messages constructed during the authentication flow in Apache CloudStack are XML-based, and the XML data is parsed by various standard libraries that are now understood to be vulnerable to XXE injection attacks such as arbitrary file reading, possible denial of service, and server-side request forgery (SSRF) on the CloudStack management server.

CVE-2022-35168

February 23, 2023 by godfreyd94

Due to improper input sanitization of XML input in SAP Business One – version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative.

CVE-2022-34793

February 23, 2023 by godfreyd94

Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2022-34348

February 23, 2023 by godfreyd94

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017.


Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE