PT-2015-4727 · Cisco · Cisco Prime Service Catalog

Published

2015-01-28

Updated

2015-09-17

CVE-2015-0581

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:P

Name of the Vulnerable Software and Affected Versions Cisco Prime Service Catalog versions prior to 10.1

Description The issue allows remote authenticated users to read arbitrary files or cause a denial of service due to an XML External Entity (XXE) issue. This can be achieved via an external entity declaration in conjunction with an entity reference, potentially allowing access to sensitive information such as private keys.

Recommendations For versions prior to 10.1, update to version 10.1 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2015-0581

Affected Products

Cisco Prime Service Catalog

PT-2015-4727 · Cisco · Cisco Prime Service Catalog

CVE-2015-0581

Related Identifiers

Affected Products

References · 4