CVE-2017-12216: XEE
First published: Thu Sep 07 2017(Updated: )
A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco SocialMiner |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-12216?
The severity of CVE-2017-12216 is considered high due to the potential for unauthorized access to sensitive data.
How do I fix CVE-2017-12216?
To fix CVE-2017-12216, apply the latest security patches provided by Cisco for SocialMiner.
What types of attacks can exploit CVE-2017-12216?
CVE-2017-12216 can be exploited by an unauthenticated attacker to gain read and write access to sensitive information stored in the system.
Which software versions are affected by CVE-2017-12216?
CVE-2017-12216 affects the Cisco SocialMiner software across potentially all versions.
Is user authentication required to exploit CVE-2017-12216?
No, CVE-2017-12216 can be exploited by unauthenticated remote attackers.
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/event
- agent/references
- agent/tags
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/cisco
- canonical/cisco socialminer