Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-8980

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-01 Feb, 2017 | 20:00
Updated At-06 Aug, 2024 | 02:35
Rejected At-
Credits

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:01 Feb, 2017 | 20:00
Updated At:06 Aug, 2024 | 02:35
Rejected At:
▼CVE Numbering Authority (CNA)

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.

Affected Products
Vendor
IBM CorporationIBM Corporation
Product
BigFix Inventory
Versions
Affected
  • 9.2
Problem Types
TypeCWE IDDescription
textN/AObtain Information
Type: text
CWE ID: N/A
Description: Obtain Information
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/95141
vdb-entry
x_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg21995013
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/95141
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21995013
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/95141
vdb-entry
x_refsource_BID
x_transferred
http://www.ibm.com/support/docview.wss?uid=swg21995013
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/95141
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21995013
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:01 Feb, 2017 | 20:59
Updated At:20 Apr, 2025 | 01:37

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.1HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:S/C:P/I:N/A:C
Type: Primary
Version: 3.0
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:C
CPE Matches
IBM Corporation
ibm
>>license_metric_tool>>9.2.0
cpe:2.3:a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*
HP Inc.
hp
>>hp-ux>>*
cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>aix>>*
cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>solaris>>*
cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>bigfix_inventory>>9.2
cpe:2.3:a:ibm:bigfix_inventory:9.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-611Primarynvd@nist.gov
CWE ID: CWE-611
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.ibm.com/support/docview.wss?uid=swg21995013psirt@us.ibm.com
Vendor Advisory
http://www.securityfocus.com/bid/95141psirt@us.ibm.com
Third Party Advisory
VDB Entry
http://www.ibm.com/support/docview.wss?uid=swg21995013af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/95141af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21995013
Source: psirt@us.ibm.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/95141
Source: psirt@us.ibm.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21995013
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/95141
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

190Records found
CVE-2017-1666
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.66% / 71.20%
||
7 Day CHG~0.00%
Published-09 Jan, 2018 | 20:00
Updated-16 Sep, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 133540.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-1527
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.54% / 67.78%
||
7 Day CHG~0.00%
Published-26 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156.

Action-Not Available
Vendor-IBM Corporation
Product-business_process_managerBusiness Process Manager Advanced
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-1477
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.58% / 69.08%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_manager_9.0_firmwareSecurity Access Manager
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-1458
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.66% / 71.20%
||
7 Day CHG~0.00%
Published-05 Sep, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_network_securityQRadar Network Security
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-1149
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.36% / 58.06%
||
7 Day CHG~0.00%
Published-25 Apr, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-1103
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.38% / 59.34%
||
7 Day CHG~0.00%
Published-10 May, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665.

Action-Not Available
Vendor-IBM Corporation
Product-rational_team_concertrational_quality_managerRational Collaborative Lifecycle Management
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2016-9707
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.36% / 58.06%
||
7 Day CHG~0.00%
Published-31 Mar, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_software_architect_design_managerrational_team_concertrational_collaborative_lifecycle_managementrational_engineering_lifecycle_managerrational_rhapsody_design_managerrational_quality_managerRational Collaborative Lifecycle Management
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2016-9698
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.56% / 68.24%
||
7 Day CHG~0.00%
Published-08 Jun, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960.

Action-Not Available
Vendor-IBM Corporation
Product-rational_rhapsody_design_managerRational Rhapsody Design ManagerRational Rhapsody Design Manager
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2016-8974
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.38% / 59.34%
||
7 Day CHG~0.00%
Published-23 Feb, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798.

Action-Not Available
Vendor-IBM Corporation
Product-rational_rhapsody_design_managerRational Rhapsody Design Manager
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2016-3033
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.55% / 68.01%
||
7 Day CHG~0.00%
Published-01 Dec, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Action-Not Available
Vendor-n/aIBM Corporation
Product-appscan_sourcen/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2016-3055
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.55% / 68.01%
||
7 Day CHG~0.00%
Published-01 Dec, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Action-Not Available
Vendor-n/aIBM Corporation
Product-filenet_workplacen/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2016-9724
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.38% / 59.34%
||
7 Day CHG~0.00%
Published-07 Mar, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999537.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2016-6059
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.36% / 58.06%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverinfosphere_datastageinfosphere_information_server_on_cloudInfoSphere Information Server
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2016-3039
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.66% / 71.26%
||
7 Day CHG~0.00%
Published-17 Jul, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Action-Not Available
Vendor-n/aIBM Corporation
Product-travelern/a
CVE-2018-1844
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.33% / 56.09%
||
7 Day CHG~0.00%
Published-12 Oct, 2018 | 12:00
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904.

Action-Not Available
Vendor-IBM Corporation
Product-filenet_content_managerFileNet Content Manager
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2025-12531
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.10% / 26.30%
||
7 Day CHG~0.00%
Published-03 Nov, 2025 | 19:47
Updated-05 Nov, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1747
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.33% / 56.09%
||
7 Day CHG-0.02%
Published-15 Oct, 2018 | 13:00
Updated-17 Sep, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 148428.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1835
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.29% / 52.00%
||
7 Day CHG~0.00%
Published-02 Nov, 2018 | 15:00
Updated-17 Sep, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514.

Action-Not Available
Vendor-IBM Corporation
Product-daeja_viewoneDaeja ViewONE
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-4554
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-4.9||MEDIUM
EPSS-0.03% / 9.79%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 20:56
Updated-29 May, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XML External Entity (XXE) Processing

Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationOpen Text Corporation
Product-appbuilderwindowslinux_kernelAppBuilder
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-45192
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.2||HIGH
EPSS-0.06% / 19.20%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 18:49
Updated-08 Oct, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Requirements Management DOORS Next XML external entity injection

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758.

Action-Not Available
Vendor-IBM Corporation
Product-doors_nextEngineering Requirements Management DOORS Next
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1845
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.38% / 59.26%
||
7 Day CHG~0.00%
Published-17 Jun, 2019 | 15:10
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-infosphere_information_server_business_glossarylinux_kernelinfosphere_information_server_metadata_workbenchwindowsinfosphere_governance_cataloginfosphere_information_serveraixinfosphere_information_server_on_cloudInfoSphere Information Server
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1801
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 50.93%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 21:00
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.

Action-Not Available
Vendor-IBM Corporation
Product-app_connectintegration_buswebsphere_message_brokerIntegration BusWebSphere Message BrokerApp Connect
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1702
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.33% / 56.09%
||
7 Day CHG~0.00%
Published-28 Sep, 2018 | 13:00
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 146189.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_symphonyplatform_symphonySpectrum SymphonyPlatform Symphony
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1669
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.38% / 59.61%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 16:00
Updated-16 Sep, 2024 | 22:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower GatewaysDataPower Gateway CD
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2025-0162
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.83%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 16:38
Updated-01 Sep, 2025 | 01:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Shares XML external entity injection

IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_sharesAspera Shares
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-35389
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 22.87%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-27 Feb, 2025 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics 365 (on-premises) version 9.0
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-35892
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.02% / 6.41%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 23:45
Updated-26 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Financial Transaction Manager for SWIFT Services XML external entity injection

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_managerFinancial Transaction Manager for SWIFT Services
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-36419
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.68% / 71.66%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:08
Updated-11 Feb, 2026 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability

Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_hdinsightAzure HDInsight
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1727
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.42% / 61.73%
||
7 Day CHG~0.00%
Published-15 Feb, 2019 | 20:00
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-33813
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.39% / 80.50%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 11:18
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

Action-Not Available
Vendor-jdomn/aThe Apache Software FoundationFedora ProjectDebian GNU/LinuxOracle Corporation
Product-debian_linuxsolrcommunications_messaging_serverfedoratikajdomn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1588
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.34% / 56.77%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 16:00
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143501.

Action-Not Available
Vendor-IBM Corporation
Product-rational_engineering_lifecycle_managerRational Engineering Lifecycle Manager
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1607
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.34% / 56.77%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 16:00
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797.

Action-Not Available
Vendor-IBM Corporation
Product-rational_engineering_lifecycle_managerRational Engineering Lifecycle Manager
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1542
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.43% / 62.82%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 142597.

Action-Not Available
Vendor-IBM Corporation
Product-filenet_content_managercontent_foundationFileNet P8 Platform
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1421
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.31% / 53.85%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 18:00
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023.

Action-Not Available
Vendor-IBM Corporation
Product-datapower_gatewayDataPower Gateways
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-32327
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.05% / 14.07%
||
7 Day CHG~0.00%
Published-03 Feb, 2024 | 00:57
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Container XML external entity injection

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_dockersecurity_verify_accessSecurity Verify Access ApplianceSecurity Verify Access Docker
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-14720
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.35% / 87.38%
||
7 Day CHG~0.00%
Published-02 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Action-Not Available
Vendor-n/aRed Hat, Inc.Oracle CorporationFasterXML, LLC.Debian GNU/Linux
Product-debian_linuxprimavera_unifiercommunications_billing_and_revenue_managementjackson-databindenterprise_manager_for_virtualizationfinancial_services_analytical_applications_infrastructureopenshift_container_platformjdeveloperbanking_platformjboss_enterprise_application_platformretail_merchandising_systemwebcenter_portaln/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-1364
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.2||HIGH
EPSS-0.53% / 67.20%
||
7 Day CHG~0.00%
Published-29 Jan, 2018 | 16:00
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449.

Action-Not Available
Vendor-IBM Corporation
Product-content_navigatorContent Navigator
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1285
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-72.06% / 98.77%
||
7 Day CHG~0.00%
Published-11 May, 2020 | 16:41
Updated-05 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

Action-Not Available
Vendor-n/aNetApp, Inc.The Apache Software FoundationFedora ProjectOracle Corporation
Product-manageability_software_development_kitfedorahospitality_simphonyhospitality_opera_5application_testing_suitelog4netsnapcenterApache log4net
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-11761
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-11.03% / 93.48%
||
7 Day CHG~0.00%
Published-19 Sep, 2018 | 14:00
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

Action-Not Available
Vendor-The Apache Software FoundationOracle Corporation
Product-tikabusiness_process_management_suiteApache Tika
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-0765
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-9.91% / 93.05%
||
7 Day CHG~0.00%
Published-09 May, 2018 | 19:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1.net_corewindows_rt_8.1windows_7windows_10.net_frameworkwindows_server_2008n/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-0878
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-3.1||LOW
EPSS-41.77% / 97.44%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 17:00
Updated-04 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_8.1windows_server_2008windows_rt_8.1windows_10windows_server_2012windows_7windows_server_2016Windows Remote Assistance
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-29831
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.66% / 71.30%
||
7 Day CHG~0.00%
Published-21 Sep, 2021 | 16:00
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/omnibus_guijazz_for_service_managementJazz for Service Management
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2015-2125
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4||MEDIUM
EPSS-31.03% / 96.77%
||
7 Day CHG~0.00%
Published-07 Jun, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-webinspectn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-27554
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 2.04%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 19:25
Updated-24 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server XML external entity injection

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-27874
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9.9||CRITICAL
EPSS-1.09% / 78.03%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 14:33
Updated-26 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex XML external entity injection

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-aspera_faspexlinux_kernelAspera Faspex
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1730
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.36% / 58.11%
||
7 Day CHG~0.00%
Published-05 Dec, 2018 | 17:00
Updated-16 Sep, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147709.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerQRadar SIEM
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2015-0194
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.07%
||
7 Day CHG~0.00%
Published-02 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_file_gatewaysterling_b2b_integratorn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-2401
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-2.96% / 86.56%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:44
Updated-26 Sep, 2024 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-bi_publisherBI Publisher (formerly XML Publisher)
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-8710
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-33.10% / 96.93%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7Microsoft Common Console Document (.msc)
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-21862
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-8.1||HIGH
EPSS-0.96% / 76.57%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-17 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component: XML Security component). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Web Services Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Web Services Manager accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-web_services_managerWeb Services Manager
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found