PT-2017-12406 · Cisco · Cisco Socialminer

Published

2017-09-07

Updated

2019-10-09

CVE-2017-12216

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cisco SocialMiner (affected versions not specified)

Description A vulnerability in the web-based user interface could allow an unauthenticated, remote attacker to have read and write access to information stored in the system. The issue is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this by convincing the administrator to import a crafted XML file with malicious entries, allowing the attacker to read and write files and execute remote code within the application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-611

Related Identifiers

CVE-2017-12216

Affected Products

Cisco Socialminer

PT-2017-12406 · Cisco · Cisco Socialminer

CVE-2017-12216

Weakness Enumeration

Related Identifiers

Affected Products

References · 4