CWE-112 is a common weakness enumeration in software security. This database tracks 6 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-112?

There are 6 CVE vulnerabilities classified as CWE-112 with an average CVSS score of 7.1333333333333.

What is the severity distribution for CWE-112?

CWE-112 contains 0 critical, 4 high, 2 medium, and 0 low severity vulnerabilities.

CWE-112

Total CVEs

Vulnerabilities

Avg CVSS v3

7.1

High

Avg CVSS v2

5.6

Medium

Latest CVE

2023

Most Recent

Severity Distribution

Critical 0

High 4

66.7%

Medium 2

33.3%

Low 0

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (6)

Page 1 of 1

CVE-2021-1359

HIGH

CVSS:8.8(High)

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privilege...

CWE-1122021

CVE-2020-1975

HIGH

CVSS:8.8(High)

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This iss...

CWE-1122020

CVE-2022-28213

HIGH

CVSS:8.1(High)

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, whi...

CWE-1122022

CVE-2023-40310

HIGH

CVSS:7.5(High)

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, w...

CWE-1122023

CVE-2021-27780

MEDIUM

CVSS:5.3(Medium)

The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.

CWE-1122021

CVE-2020-27282

MEDIUM

CVSS:4.3(Medium)

In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unu...

CWE-1122020