CVE-2015-0758 — MEDIUM (4.0)

Vulnerability Description

The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452.

CVSS Score

4.0

MEDIUM

AV:N/AC:L/Au:S/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Unified Meetingplace	8.6\(1.9\)

Related Weaknesses (CWE)

CWE-200

References

http://tools.cisco.com/security/center/viewAlert.x?alertId=39130Vendor Advisory
http://www.securitytracker.com/id/1032448Third Party AdvisoryVDB Entry
http://tools.cisco.com/security/center/viewAlert.x?alertId=39130Vendor Advisory
http://www.securitytracker.com/id/1032448Third Party AdvisoryVDB Entry

FAQ

What is CVE-2015-0758?

CVE-2015-0758 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an...

How severe is CVE-2015-0758?

CVE-2015-0758 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0758?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Meetingplace.