CVE-2016-1358

MEDIUM

Cisco Prime Infrastructure <3.1 - XXE

Title source: llm
STIX 2.1

Description

Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035181

Scores

CVSS v3 6.4
EPSS 0.0129
EPSS Percentile 66.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:H

Details

CWE
CWE-119
Status published
Products (3)
cisco/prime_infrastructure 2.2
cisco/prime_infrastructure 3.0
cisco/prime_infrastructure 3.1
Published Mar 03, 2016
Tracked Since Feb 18, 2026