CVE-2023-6194

HIGH Year: 2023
CVSS v3 Score
7.1
High
Weakness Type
CWE-611
View all →

Vulnerability Description

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.

Related Vulnerabilities

CVE-2014-0950

HIGH
CVSS:7.1(High)

Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational...

CWE-6112014

CVE-2015-8549

HIGH
CVSS:7.1(High)

XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.

CWE-6112015

CVE-2016-9181

HIGH
CVSS:7.1(High)

perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could ca...

CWE-6112016

CVE-2017-1000061

HIGH
CVSS:7.1(High)

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

CWE-6112017

CVE-2017-1254

HIGH
CVSS:7.1(High)

IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive informa...

CWE-6112017

CVE-2017-1758

HIGH
CVSS:7.1(High)

IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Adv...

CWE-6112017