CVE-2017-12216

Name of the Vulnerable Software and Affected Versions Cisco SocialMiner (affected versions not specified)

Description A vulnerability in the web-based user interface could allow an unauthenticated, remote attacker to have read and write access to information stored in the system. The issue is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this by convincing the administrator to import a crafted XML file with malicious entries, allowing the attacker to read and write files and execute remote code within the application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.