Xxe

2013-05-0912:31:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.9%

JSON

Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366.

CPENameOperatorVersion
unified_customer_voice_portaleq3.0 sr1
unified_customer_voice_portaleq4.2.0
unified_customer_voice_portaleq3.610 es1
unified_customer_voice_portaleq4.2 sr1
unified_customer_voice_portaleq<= 9.1
unified_customer_voice_portaleq7.2.0
unified_customer_voice_portaleq8.51.0
unified_customer_voice_portaleq9.0
unified_customer_voice_portaleq4.0
unified_customer_voice_portaleq7.0

Name	Operator	Version
unified_customer_voice_portal	eq	3.0 sr1
unified_customer_voice_portal	eq	4.2.0
unified_customer_voice_portal	eq	3.610 es1
unified_customer_voice_portal	eq	4.2 sr1
unified_customer_voice_portal	eq	<= 9.1
unified_customer_voice_portal	eq	7.2.0
unified_customer_voice_portal	eq	8.51.0
unified_customer_voice_portal	eq	9.0
unified_customer_voice_portal	eq	4.0
unified_customer_voice_portal	eq	7.0