XML External Entity Vulnerability in Cisco Unified MeetingPlace
CVE-2015-0758

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Meetingplace
Vendor: CVE Published:; 30 May 2015

Summary

The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) is susceptible to an XML External Entity (XXE) vulnerability. This allows remote attackers to exploit the system by sending a crafted XML document containing an external entity declaration. Consequently, this can lead to unauthorized access to arbitrary files on the server, resulting in potential information disclosure. Users of affected versions should prioritize applying security updates to mitigate this risk.

References

http://www.securitytracker.com/id/1032448

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
May 30, 2015
Vulnerability Reserved
Jan 7, 2015