CVE-2015-0754

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGH

EPSS

0.3%

top 42.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Finesse

Timeline

PublishedMay 29

Latest updateMay 17

Description

Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810.

CVSS vector

AV:N/AC:L/C:P/I:N/A:CExploitability: 8.0 | Impact: 7.8

Affected Packages1 packages

▶NVDcisco/finesse10.5\(1\)_base

🔴Vulnerability Details

GHSA

GHSA-gffc-hhrm-xfv2: Cisco Finesse 10↗2022-05-17

▶

CVEList

CVE-2015-0754: Cisco Finesse 10↗2015-05-29

▶

📋Vendor Advisories

Cisco

Cisco Finesse XML Processing Denial of Service Vulnerability↗2015-05-27

▶