| Cisco Unified MeetingPlace XML External Entity Flaw Lets Remote Authenticated Users Obtain Potentially Sensitive Information |
| SecurityTracker Alert ID: 1032448 |
| SecurityTracker URL: http://securitytracker.com/id/1032448 |
| CVE Reference: (Links to External Site) |
| Date: Jun 2 2015 |
| Impact: , |
| Fix Available: Yes Vendor Confirmed: Yes |
| Version(s): 8.6(1.9); possibly other versions |
| Description: A vulnerability was reported in Cisco Unified MeetingPlace. A remote authenticated user can obtain potentially sensitive information on the target system. A remote authenticated user can supply an XML file with a specially crafted XML External Entity (XXE) that, when imported by an authenticated administrator, will allow the remote authenticated user to view potentially sensitive information. The vendor has assigned bug ID CSCus97452 to this vulnerability. |
| Impact: A remote authenticated user can obtain potentially sensitive information on the target system. |
| Solution: The vendor has issued a fix. The vendor's advisory is available at: http://tools.cisco.com/security/center/viewAlert.x?alertId=39130 |
| Vendor URL: (Links to External Site) |
| Cause: |
| Underlying OS: |
| |
| Message History: None. |