CVE-2015-0581

Name of the Vulnerable Software and Affected Versions Cisco Prime Service Catalog versions prior to 10.1

Description The issue allows remote authenticated users to read arbitrary files or cause a denial of service due to an XML External Entity (XXE) issue. This can be achieved via an external entity declaration in conjunction with an entity reference, potentially allowing access to sensitive information such as private keys.

Recommendations For versions prior to 10.1, update to version 10.1 or later to resolve the issue.