cisco-sa-20150128-psc-xmlee

Cisco Prime Service Catalog XML External Entity Processing Vulnerability

cisco-sa-20150128-psc-xmlee · High · Published 11 years ago · Updated 11 years ago

A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive data stored on the host operating system or cause system resource consumption that could cause a denial of service condition. Cisco has released software updates that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee

Cisco advisory ·CSAF JSON

Workarounds

There are no mitigations that can be performed manually on the affected system.

CVEs	CVE-2015-0581
Cisco Bug IDs	CSCup92880
CVSS Score	Base 7.0 Base 7.0 AV:N/AC:M/Au:S/C:C/I:N/A:P/E:F/RL:OF/RC:C
Product Names From Source	Cisco Prime Service Catalog

CSAF Product Statuses

Product	Status	Source	CVE	Rows
Cisco Prime Service Catalog	known_affected	cisco_csaf	CVE-2015-0581	1

Related Products

Product	CVE	Evidence
Cisco Prime Service Catalog	CVE-2015-0581	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco Prime Service Catalog XML External Entity Processing Vulnerability

Workarounds

CSAF Product Statuses

Related Products