CVE-2015-0581

EPSS 0.48%
Veröffentlicht 28.01.2015 22:59:02
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Prime Service Catalog Version <= 10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.48%	0.624

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	8	7.8	AV:N/AC:L/Au:S/C:C/I:N/A:P

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee

Vendor Advisory

http://www.securityfocus.com/bid/72350

http://www.securitytracker.com/id/1031658

https://nvd.nist.gov/vuln/detail/CVE-2015-0581

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0581

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0581

EUVD