CVE-2015-0620

Cisco TelePresence Management Suite < 14.3(.2) - Authenticated Denial of Service via XML External Entity Injection

Title source: llm
STIX 2.1

Description

The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/100924
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031753

Scores

EPSS 0.0125
EPSS Percentile 66.0%

Details

CWE
CWE-20
Status published
Products (3)
cisco/telepresence_management_suite 14.3
cisco/telepresence_management_suite 14.3\(.1\)
cisco/telepresence_management_suite < 14.3\(.2\)
Published Feb 18, 2015
Tracked Since Feb 18, 2026