Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-0581

The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880.

Published

2015-01-28T22:59:02.937

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

7.8

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	prime_service_catalog	≤ 10.0	Yes

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/72350 ([email protected])
http://www.securitytracker.com/id/1031658 ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/72350 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1031658 (af854a3a-2127-422b-91ae-364da2661108)