CVE-2023-37364

CRITICAL Year: 2023
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-611
View all →

Vulnerability Description

In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of service, a similar issue to CVE-2013-4152.

Related Vulnerabilities

CVE-2012-2239

CRITICAL
CVSS:9.1(Critical)

Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading...

CWE-6112012

CVE-2012-3363

CRITICAL
CVSS:9.1(Critical)

Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connect...

CWE-6112012

CVE-2013-4333

CRITICAL
CVSS:9.1(Critical)

OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability

CWE-6112013

CVE-2014-0931

CRITICAL
CVSS:9.1(Critical)

Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CM...

CWE-6112014

CVE-2016-2908

CRITICAL
CVSS:9.1(Critical)

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker ...

CWE-6112016

CVE-2016-3974

CRITICAL
CVSS:9.1(Critical)

XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access ...

CWE-6112016