CVE-2016-1358

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure versions 2.2, 3.0, and 3.1(0.0)

Description The issue allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Recommendations For Cisco Prime Infrastructure versions 2.2, 3.0, and 3.1(0.0), consider restricting access to XML documents and entity references to minimize the risk of exploitation. As a temporary workaround, consider disabling the processing of external entity declarations in XML documents until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.