CVE-2018-15444

Name of the Vulnerable Software and Affected Versions Cisco Energy Management Suite Software (affected versions not specified)

Description The issue is related to the improper handling of XML External Entity (XXE) entries when parsing certain XML files in the web-based user interface. This could allow an authenticated, remote attacker to gain read and write access to information stored on an affected system. An attacker could exploit this by convincing a user to import a crafted XML file with malicious entries, potentially allowing the attacker to read and write files within the affected application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.