CVE-2015-0581

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGH
EPSS
0.5%
top 34.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Prime Service Catalog
Timeline
PublishedJan 28
Latest updateMay 17

Description

The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880.

CVSS vector

AV:N/AC:L/C:C/I:N/A:PExploitability: 8.0 | Impact: 7.8

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-34hv-w8p5-75g4: The XML parser in Cisco Prime Service Catalog before 102022-05-17
CVEList
CVE-2015-0581: The XML parser in Cisco Prime Service Catalog before 102015-01-28

📋Vendor Advisories

1
Cisco
Cisco Prime Service Catalog XML External Entity Processing Vulnerability2015-01-28
CVE-2015-0581 (HIGH CVSS 7.5) | The XML parser in Cisco Prime Servi | cvebase.io