CVE-2022-32755

CRITICAL Year: 2022
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-91
View all →

Vulnerability Description

IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505.

Related Vulnerabilities

CVE-2014-1409

CRITICAL
CVSS:9.1(Critical)

MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords

CWE-912014

CVE-2021-21019

CRITICAL
CVSS:9.1(Critical)

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code executi...

CWE-912021

CVE-2021-21025

CRITICAL
CVSS:9.1(Critical)

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code...

CWE-912021

CVE-2022-34253

CRITICAL
CVSS:9.1(Critical)

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges c...

CWE-912022

CVE-2024-25413

CRITICAL
CVSS:9.1(Critical)

A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file.

CWE-912024

CVE-2018-16785

HIGH
CVSS:8.8(High)

XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell

CWE-912018