2 matches found
CVE-2013-1225
Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager 1 HTTP or 2 HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka...
CVE-2013-1225
The CVE-2013-1225 issue affects Cisco Unified CVP Software prior to 9.0.1 ES 11. It is an XML External Entity (XXE) vulnerability in the Resource Manager reachable via HTTP/HTTPS, allowing remote attackers to read arbitrary files. The root cause is an XXE processing flaw in the file/HTTP(S) reque...