CWE-611
AllowedImproper Restriction of XML External Entity Reference
Abstraction: Base · Status: Draft
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
1691 vulnerabilities reference this CWE, most recent first.
GHSA-RJGM-F3MV-P89P
Vulnerability from github – Published: 2022-05-12 00:00 – Updated: 2022-05-21 00:00XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0. Allows attackers to gain read access to sensitive information or cause a denial of service via crafted GET requests.
{
"affected": [],
"aliases": [
"CVE-2021-42646"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-11T18:15:00Z",
"severity": "CRITICAL"
},
"details": "XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0. Allows attackers to gain read access to sensitive information or cause a denial of service via crafted GET requests.",
"id": "GHSA-rjgm-f3mv-p89p",
"modified": "2022-05-21T00:00:48Z",
"published": "2022-05-12T00:00:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42646"
},
{
"type": "WEB",
"url": "https://github.com/wso2/carbon-identity-framework/pull/3472"
},
{
"type": "WEB",
"url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1289"
},
{
"type": "WEB",
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1289"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/167465/WSO2-Management-Console-XML-Injection.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Jun/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RJPM-QMQ7-Q85W
Vulnerability from github – Published: 2024-05-30 00:49 – Updated: 2024-05-30 00:49Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no current method of disabling custom entities in PHP (i.e. defined internal to the XML document without using external entities). In a QBA, a long entity can be defined and then referred to multiple times in document elements, creating a memory sink with which Denial Of Service attacks against a host's RAM can be mounted. The use of the LIBXML_NOENT or equivalent option in a dependent extension amplified the impact (it doesn't actually mean "No Entities"). In addition, libxml2's innate defense against the related Exponential or Billion Laugh's XEE attacks is active only so long as the LIBXML_PARSEHUGE is NOT set (it disables libxml2's hardcoded entity recursion limit). No instances of these two options were noted, but it's worth referencing for the future.
Consider this (non-fatal) example:
<?xml version="1.0"?>
<!DOCTYPE data [<!ENTITY a
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa">]>
<data>&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;</data>
Increase the length of entity, and entity count to a few hundred, and peak memory usage will waste no time spiking the moment the nodeValue for is accessed since the entities will then be expanded by a simple multiplier effect. No external entities required.
...
This can be used in combination with the usual XXE defense of calling libxml_disable_entity_loader(TRUE) and, optionally, the LIBXML_NONET option (should local filesystem access be allowable). The DOCTYPE may be removed instead of rejecting the XML outright but this would likely result in other problems with the unresolved entities.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/routing"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-30T00:49:54Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no current method of disabling custom entities in PHP (i.e. defined internal to the XML document without using external entities). In a QBA, a long entity can be defined and then referred to multiple times in document elements, creating a memory sink with which Denial Of Service attacks against a host\u0027s RAM can be mounted. The use of the LIBXML_NOENT or equivalent option in a dependent extension amplified the impact (it doesn\u0027t actually mean \"No Entities\"). In addition, libxml2\u0027s innate defense against the related Exponential or Billion Laugh\u0027s XEE attacks is active only so long as the LIBXML_PARSEHUGE is NOT set (it disables libxml2\u0027s hardcoded entity recursion limit). No instances of these two options were noted, but it\u0027s worth referencing for the future.\n\nConsider this (non-fatal) example:\n```\n\u003c?xml version=\"1.0\"?\u003e\n\u003c!DOCTYPE data [\u003c!ENTITY a\n\"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\"\u003e]\u003e\n\u003cdata\u003e\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u0026a;\u003c/data\u003e\n```\nIncrease the length of entity, and entity count to a few hundred, and peak memory usage will waste no time spiking the moment the nodeValue for is accessed since the entities will then be expanded by a simple multiplier effect. No external entities required.\n\n...\n\nThis can be used in combination with the usual XXE defense of calling libxml_disable_entity_loader(TRUE) and, optionally, the LIBXML_NONET option (should local filesystem access be allowable). The DOCTYPE may be removed instead of rejecting the XML outright but this would likely result in other problems with the unresolved entities. ",
"id": "GHSA-rjpm-qmq7-q85w",
"modified": "2024-05-30T00:49:54Z",
"published": "2024-05-30T00:49:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/symfony/routing/commit/769e8e6584c5d13e7c6f51aa77a9d5f977fec463"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/2012-08-28.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/symfony/routing"
},
{
"type": "WEB",
"url": "https://symfony.com/blog/security-release-symfony-2-0-17-released"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Symfony XXE security vulnerability"
}
GHSA-RM23-6MWV-8Q9Q
Vulnerability from github – Published: 2022-07-01 00:01 – Updated: 2022-12-12 19:43Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:recipe"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-34793"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-12T21:18:56Z",
"nvd_published_at": "2022-06-30T18:15:00Z",
"severity": "HIGH"
},
"details": "Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.",
"id": "GHSA-rm23-6mwv-8q9q",
"modified": "2022-12-12T19:43:42Z",
"published": "2022-07-01T00:01:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34793"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/recipe-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2000"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "XML External Entity Reference in Jenkins Recipe Plugin"
}
GHSA-RM8V-C7X4-4MRQ
Vulnerability from github – Published: 2023-04-13 21:30 – Updated: 2024-04-04 03:27All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code.
{
"affected": [],
"aliases": [
"CVE-2023-26264"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-13T19:15:00Z",
"severity": "MODERATE"
},
"details": "All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code.",
"id": "GHSA-rm8v-c7x4-4mrq",
"modified": "2024-04-04T03:27:27Z",
"published": "2023-04-13T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26264"
},
{
"type": "WEB",
"url": "https://talend.com"
},
{
"type": "WEB",
"url": "https://www.talend.com/security/incident-response/#CVE-2023-26264"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RMM5-G63H-M6G9
Vulnerability from github – Published: 2018-12-19 19:24 – Updated: 2024-03-04 22:41jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "ro.pippo:pippo-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-20059"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:55:08Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.",
"id": "GHSA-rmm5-g63h-m6g9",
"modified": "2024-03-04T22:41:23Z",
"published": "2018-12-19T19:24:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20059"
},
{
"type": "WEB",
"url": "https://github.com/pippo-java/pippo/issues/486"
},
{
"type": "WEB",
"url": "https://github.com/pippo-java/pippo/commit/9f36e5891c0b11f840e1e1561ae96d83ba9ce759"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-rmm5-g63h-m6g9"
},
{
"type": "PACKAGE",
"url": "https://github.com/pippo-java/pippo"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Restriction of XML External Entity Reference in pippo-core"
}
GHSA-RMMH-6G98-M869
Vulnerability from github – Published: 2024-12-10 03:31 – Updated: 2024-12-10 03:31Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application.
{
"affected": [],
"aliases": [
"CVE-2024-47582"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-10T01:15:06Z",
"severity": "MODERATE"
},
"details": "Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application.",
"id": "GHSA-rmmh-6g98-m869",
"modified": "2024-12-10T03:31:45Z",
"published": "2024-12-10T03:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47582"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3351041"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-RMMQ-5PX8-WWPM
Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the doIForward method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-21774.
{
"affected": [],
"aliases": [
"CVE-2023-42035"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:15:36Z",
"severity": "MODERATE"
},
"details": "Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the doIForward method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-21774.",
"id": "GHSA-rmmq-5px8-wwpm",
"modified": "2024-05-03T03:31:00Z",
"published": "2024-05-03T03:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42035"
},
{
"type": "WEB",
"url": "https://myconnectionserver.visualware.com/support/security-advisories"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1397"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-RMVG-87V4-QJVV
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2024-04-04 01:48Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.
{
"affected": [],
"aliases": [
"CVE-2019-15637"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-26T17:15:00Z",
"severity": "HIGH"
},
"details": "Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.",
"id": "GHSA-rmvg-87v4-qjvv",
"modified": "2024-04-04T01:48:06Z",
"published": "2022-05-24T16:54:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15637"
},
{
"type": "WEB",
"url": "https://community.tableau.com/community/security-bulletins/blog/2019/08/22/important-adv-2019-030-xxe-vulnerability-in-tableau-products"
},
{
"type": "WEB",
"url": "https://github.com/minecrater/exploits/blob/master/TableauXXE.py"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/154232/Tableau-XML-Injection.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RMWW-XFP2-VX9M
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets.
{
"affected": [],
"aliases": [
"CVE-2021-20595"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T11:15:00Z",
"severity": "HIGH"
},
"details": "Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.3.35 and prior, GB-50A Ver.3.35 and prior, GB-24A Ver.9.11 and prior, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior), Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) and Air Conditioning System/BM adapter(BAC-HD150 Ver.2.21 and prior) allows a remote unauthenticated attacker to disclose some of data in the air conditioning system or cause a DoS condition by sending specially crafted packets.",
"id": "GHSA-rmww-xfp2-vx9m",
"modified": "2022-05-24T19:07:44Z",
"published": "2022-05-24T19:07:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20595"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU93086468/index.html"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-005_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RP2X-6XFP-M8M3
Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514.
{
"affected": [],
"aliases": [
"CVE-2018-1835"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-02T15:29:00Z",
"severity": "HIGH"
},
"details": "IBM Daeja ViewONE Professional, Standard \u0026 Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514.",
"id": "GHSA-rp2x-6xfp-m8m3",
"modified": "2022-05-13T01:32:35Z",
"published": "2022-05-13T01:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1835"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150514"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10733815"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Many XML parsers and validators can be configured to disable external entity expansion.
CAPEC-221: Data Serialization External Entities Blowup
This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.