XML Processing Vulnerability in Cisco Finesse Product
CVE-2015-0754

Currently unrated

Key Information:

Vendor: Cisco
Status: Finesse
Vendor: CVE Published:; 29 May 2015

Summary

Cisco Finesse 10.5(1) contains a vulnerability that permits remote authenticated users to manipulate XML documents to either access sensitive information or induce a denial of service condition. This occurs due to improper handling of input, leading to excessive consumption of CPU and memory resources, thus triggering disruptions in service. The vulnerability is identified by Bug ID CSCut95810 and highlights the importance of securing XML processing to prevent exploitation.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1032423

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 29, 2015
Vulnerability Reserved
Jan 7, 2015