CVE-2015-0758

Cisco Unified MeetingPlace 8.6(1.9) - XML External Entity Injection via Web Interface

Title source: llm
STIX 2.1

Description

The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032448
Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=39130

Scores

EPSS 0.0163
EPSS Percentile 73.3%

Details

CWE
CWE-200
Status published
Products (1)
cisco/unified_meetingplace 8.6\(1.9\)
Published May 30, 2015
Tracked Since Feb 18, 2026