CVE-2015-0620
Cisco TelePresence Management Suite < 14.3(.2) - Authenticated Denial of Service via XML External Entity Injection
Title source: llmDescription
The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/100924
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031753
Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=37491
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0620
Scores
EPSS
0.0125
EPSS Percentile
66.0%
Details
CWE
CWE-20
Status
published
Products (3)
cisco/telepresence_management_suite
14.3
cisco/telepresence_management_suite
14.3\(.1\)
cisco/telepresence_management_suite
< 14.3\(.2\)
Published
Feb 18, 2015
Tracked Since
Feb 18, 2026