CVE-2018-0414

Name of the Vulnerable Software and Affected Versions Cisco Secure Access Control Server (affected versions not specified)

Description A vulnerability in the web-based UI could allow an authenticated, remote attacker to gain read access to certain information in an affected system. This issue is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this by convincing the administrator to import a crafted XML file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.