CVE-2024-28039

MEDIUM Year: 2024
CVSS v3 Score
5.8
Medium
Weakness Type
CWE-611
View all →

Vulnerability Description

Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service (DoS) condition.

Related Vulnerabilities

CVE-2016-7458

MEDIUM
CVSS:5.8(Medium)

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunc...

CWE-6112016

CVE-2018-0414

MEDIUM
CVSS:5.7(Medium)

A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerabil...

CWE-6112018

CVE-2020-4606

MEDIUM
CVSS:5.7(Medium)

IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitiv...

CWE-6112020

CVE-2016-6805

MEDIUM
CVSS:5.9(Medium)

Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.

CWE-6112016

CVE-2017-6344

MEDIUM
CVSS:5.9(Medium)

XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document.

CWE-6112017

CVE-2018-17247

MEDIUM
CVSS:5.9(Medium)

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java S...

CWE-6112018