exploitDog

CVE-2015-0758

Опубликовано: 30 мая 2015

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452.

Ссылки

http://tools.cisco.com/security/center/viewAlert.x?alertId=39130
Vendor Advisory
http://www.securitytracker.com/id/1032448
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/viewAlert.x?alertId=39130
Vendor Advisory
http://www.securitytracker.com/id/1032448
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:unified_meetingplace:8.6\(1.9\):*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00246

Низкий

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-5qcv-vq3q-6hmj

github

больше 3 лет назад

The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452.

EPSS

Процентиль: 48%

0.00246

Низкий

4 Medium

CVSS2

Дефекты

CWE-200