Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco WebEx Meetings Server XML External Entity Vulnerability

cisco-sa-20170315-wms · Medium · Published · Updated

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. The vulnerability is due to improper handling of an XML External Entity (XXE) when parsing an XML file. An attacker could exploit this vulnerability by sending a crafted XML file to the affected system. A successful exploit could allow the attacker to have read access to part of the information stored in the affected system. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wms

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-3811
Cisco Bug IDsCSCvc39165
CVSS ScoreBase 6.5
Base 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco WebEx Meetings Server

Related Products

Product CVE Evidence
Cisco Webex Meetings CVE-2017-3811 Cisco OpenVuln
Cisco WebEx Meetings Server CVE-2017-3811 Cisco OpenVuln