Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810.