CVE-2022-0861

LOW Year: 2022
CVSS v3 Score
3.8
Low
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-611
View all →

Vulnerability Description

A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data.

Related Vulnerabilities

CVE-2020-26229

LOW
CVSS:3.7(Low)

TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerabi...

CWE-6112020

CVE-2021-21470

LOW
CVSS:3.6(Low)

SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which ...

CWE-6112021

CVE-2020-11885

MEDIUM
CVSS:4.0(Medium)

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded...

CWE-6112020

CVE-2025-29932

MEDIUM
CVSS:4.1(Medium)

In JetBrains GoLand before 2025.1 an XXE during debugging was possible

CWE-6112025

CVE-2019-2861

MEDIUM
CVSS:4.2(Medium)

Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high ...

CWE-6112019

CVE-2015-3160

MEDIUM
CVSS:4.3(Medium)

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing en...

CWE-6112015