CVE-2015-0758: Infoleak
First published: Sat May 30 2015(Updated: )
The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified MeetingPlace | =8.6\(1.9\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0758?
CVE-2015-0758 is classified as a high severity vulnerability due to its potential to allow remote attackers to read arbitrary files.
How do I fix CVE-2015-0758?
To fix CVE-2015-0758, update your Cisco Unified MeetingPlace to the latest patched version provided by Cisco.
What versions are affected by CVE-2015-0758?
CVE-2015-0758 specifically affects Cisco Unified MeetingPlace version 8.6(1.9).
What type of vulnerability is CVE-2015-0758?
CVE-2015-0758 is an XML External Entity (XXE) vulnerability that allows attackers to exploit the XML processing of the web-based user interface.
Can CVE-2015-0758 lead to data leakage?
Yes, CVE-2015-0758 can lead to data leakage as it allows remote attackers to read arbitrary files on the server.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/cisco
- canonical/cisco unified meetingplace
- version/cisco unified meetingplace/8.6\(1.9\)