Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-9487

Summary
Assigner-debian
Assigner Org ID-79363d38-fa19-49d1-9214-5f28da3f3ac5
Published At-17 Oct, 2017 | 14:00
Updated At-06 Aug, 2024 | 13:47
Rejected At-
Credits

The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:debian
Assigner Org ID:79363d38-fa19-49d1-9214-5f28da3f3ac5
Published At:17 Oct, 2017 | 14:00
Updated At:06 Aug, 2024 | 13:47
Rejected At:
▼CVE Numbering Authority (CNA)

The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2015/01/03/13
mailing-list
x_refsource_MLIST
https://security.gentoo.org/glsa/201502-04
vendor-advisory
x_refsource_GENTOO
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1175828
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2015/01/03/13
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://security.gentoo.org/glsa/201502-04
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1175828
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2015/01/03/13
mailing-list
x_refsource_MLIST
x_transferred
https://security.gentoo.org/glsa/201502-04
vendor-advisory
x_refsource_GENTOO
x_transferred
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html
mailing-list
x_refsource_MLIST
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1175828
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2015/01/03/13
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201502-04
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1175828
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@debian.org
Published At:17 Oct, 2017 | 14:29
Updated At:20 Apr, 2025 | 01:37

The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19
cpe:2.3:a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19
cpe:2.3:a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19
cpe:2.3:a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.0
cpe:2.3:a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.1
cpe:2.3:a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.2
cpe:2.3:a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.3
cpe:2.3:a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.4
cpe:2.3:a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.5
cpe:2.3:a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.6
cpe:2.3:a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.7
cpe:2.3:a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.8
cpe:2.3:a:mediawiki:mediawiki:1.19.8:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.9
cpe:2.3:a:mediawiki:mediawiki:1.19.9:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.10
cpe:2.3:a:mediawiki:mediawiki:1.19.10:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.11
cpe:2.3:a:mediawiki:mediawiki:1.19.11:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.12
cpe:2.3:a:mediawiki:mediawiki:1.19.12:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.13
cpe:2.3:a:mediawiki:mediawiki:1.19.13:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.14
cpe:2.3:a:mediawiki:mediawiki:1.19.14:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.15
cpe:2.3:a:mediawiki:mediawiki:1.19.15:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.16
cpe:2.3:a:mediawiki:mediawiki:1.19.16:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.17
cpe:2.3:a:mediawiki:mediawiki:1.19.17:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.18
cpe:2.3:a:mediawiki:mediawiki:1.19.18:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.19
cpe:2.3:a:mediawiki:mediawiki:1.19.19:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.20
cpe:2.3:a:mediawiki:mediawiki:1.19.20:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.21
cpe:2.3:a:mediawiki:mediawiki:1.19.21:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.19.22
cpe:2.3:a:mediawiki:mediawiki:1.19.22:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.0
cpe:2.3:a:mediawiki:mediawiki:1.22.0:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.0
cpe:2.3:a:mediawiki:mediawiki:1.22.0:rc1:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.1
cpe:2.3:a:mediawiki:mediawiki:1.22.1:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.2
cpe:2.3:a:mediawiki:mediawiki:1.22.2:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.3
cpe:2.3:a:mediawiki:mediawiki:1.22.3:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.4
cpe:2.3:a:mediawiki:mediawiki:1.22.4:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.5
cpe:2.3:a:mediawiki:mediawiki:1.22.5:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.6
cpe:2.3:a:mediawiki:mediawiki:1.22.6:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.7
cpe:2.3:a:mediawiki:mediawiki:1.22.7:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.8
cpe:2.3:a:mediawiki:mediawiki:1.22.8:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.9
cpe:2.3:a:mediawiki:mediawiki:1.22.9:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.10
cpe:2.3:a:mediawiki:mediawiki:1.22.10:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.11
cpe:2.3:a:mediawiki:mediawiki:1.22.11:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.12
cpe:2.3:a:mediawiki:mediawiki:1.22.12:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.13
cpe:2.3:a:mediawiki:mediawiki:1.22.13:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.22.14
cpe:2.3:a:mediawiki:mediawiki:1.22.14:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.23.0
cpe:2.3:a:mediawiki:mediawiki:1.23.0:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.23.1
cpe:2.3:a:mediawiki:mediawiki:1.23.1:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.23.2
cpe:2.3:a:mediawiki:mediawiki:1.23.2:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.23.3
cpe:2.3:a:mediawiki:mediawiki:1.23.3:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.23.4
cpe:2.3:a:mediawiki:mediawiki:1.23.4:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.23.5
cpe:2.3:a:mediawiki:mediawiki:1.23.5:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.23.6
cpe:2.3:a:mediawiki:mediawiki:1.23.6:*:*:*:*:*:*:*
Wikimedia Foundation
mediawiki
>>mediawiki>>1.23.7
cpe:2.3:a:mediawiki:mediawiki:1.23.7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-611Primarynvd@nist.gov
CWE ID: CWE-611
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2015/01/03/13security@debian.org
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1175828security@debian.org
Issue Tracking
Third Party Advisory
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.htmlsecurity@debian.org
Vendor Advisory
https://security.gentoo.org/glsa/201502-04security@debian.org
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/01/03/13af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1175828af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Third Party Advisory
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://security.gentoo.org/glsa/201502-04af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2015/01/03/13
Source: security@debian.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1175828
Source: security@debian.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html
Source: security@debian.org
Resource:
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201502-04
Source: security@debian.org
Resource:
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2015/01/03/13
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1175828
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201502-04
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

167Records found
CVE-2021-34436
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-9.8||CRITICAL
EPSS-3.50% / 87.14%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 20:55
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2015-7326
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.96% / 82.75%
||
7 Day CHG~0.00%
Published-07 Jun, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3.

Action-Not Available
Vendor-miltonn/a
Product-webdavn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-7464
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.7||HIGH
EPSS-0.56% / 67.39%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 12:00
Updated-05 Aug, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosure if they are able to provide XML content for parsing.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-jboss_enterprise_application_platformJBoss
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-23792
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.28% / 51.18%
||
7 Day CHG~0.00%
Published-06 May, 2022 | 20:05
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XML External Entity (XXE) Injection

The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered.

Action-Not Available
Vendor-twelvemonkeys_projectn/a
Product-twelvemonkeyscom.twelvemonkeys.imageio:imageio-metadata
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-23418
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-6.3||MEDIUM
EPSS-0.38% / 58.73%
||
7 Day CHG~0.00%
Published-29 Jul, 2021 | 17:50
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XML External Entity (XXE) Injection

The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.

Action-Not Available
Vendor-glances_projectn/a
Product-glancesGlances
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2019-11677
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.22% / 88.31%
||
7 Day CHG-1.74%
Published-02 May, 2019 | 13:06
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_firewall_analyzern/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-8027
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-2.97% / 85.98%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 13:00
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.

Action-Not Available
Vendor-The Apache Software Foundation
Product-camelApache Camel
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2019-0228
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-7.83% / 91.64%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 14:07
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

Action-Not Available
Vendor-n/aThe Apache Software FoundationFedora ProjectOracle Corporation
Product-banking_trade_finance_process_managementpeoplesoft_enterprise_peopletoolsbanking_supply_chain_financepdfboxcommunications_messaging_serverhyperion_financial_reportingfedoraretail_xstore_point_of_servicejamesbanking_corporate_lending_process_managementcommunications_session_report_managerwebcenter_sitesbanking_credit_facilities_process_managementbanking_virtual_account_managementApache PDFBox
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2019-1010268
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-9.8||CRITICAL
EPSS-13.24% / 93.88%
||
7 Day CHG~0.00%
Published-18 Jul, 2019 | 16:05
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance: https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688. The attack vector is: Send a specially crafted SOAP call.

Action-Not Available
Vendor-ladon_projectLadon
Product-ladonLadon
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-8940
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 69.16%
||
7 Day CHG~0.00%
Published-14 May, 2019 | 18:12
Updated-05 Aug, 2024 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing an attacker to upload a malicious XML file and reference it in the URL of the application, forcing the application to load and parse the malicious XML file, aka an XXE issue.

Action-Not Available
Vendor-enghousen/a
Product-contact_center\n/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-3206
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-1.53% / 80.60%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 17:00
Updated-05 Aug, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Action Message Format (AMF3) deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages

The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery.

Action-Not Available
Vendor-exadelExadel
Product-flamingoFlamingo amf-serializer
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-6489
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.82%
||
7 Day CHG~0.00%
Published-22 Feb, 2018 | 22:00
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE)

Action-Not Available
Vendor-n/aMicro Focus International Limited
Product-project_and_portfolio_management_centern/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-6486
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.3||HIGH
EPSS-0.21% / 43.70%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 14:00
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.

Action-Not Available
Vendor-Micro Focus International Limited
Product-fortify_audit_workbenchfortify_software_security_centerFortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-3881
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.4||CRITICAL
EPSS-1.98% / 82.81%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 20:00
Updated-16 Sep, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data compromise.

Action-Not Available
Vendor-focalscopeFocalScope
Product-focalscopeFocalscope
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2019-12924
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 34.17%
||
7 Day CHG+0.02%
Published-08 Jul, 2019 | 21:00
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users).

Action-Not Available
Vendor-mailenablen/a
Product-mailenablen/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2021-1628
Matching Score-4
Assigner-Salesforce, Inc.
ShareView Details
Matching Score-4
Assigner-Salesforce, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.79%
||
7 Day CHG~0.00%
Published-26 Mar, 2021 | 16:19
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Affected versions: Mule 4.x runtime released before February 2, 2021.

Action-Not Available
Vendor-salesforcen/a
Product-muleMulesoft
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2020-8540
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-22.47% / 95.62%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 16:15
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_desktop_centraln/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found