CVE-2013-1140

{"id": "CVE-2013-1140", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-06T13:10:25.970", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093."}, {"lang": "es", "value": "El analizador XML de Cisco Security Monitoring, Analysis, y Response System (MARS) permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de una declaraci\u00f3n de entidad externa, en relaci\u00f3n con una referencia de entidad, relacionada con la entidad XML externo (XXE) expedir, tambi\u00e9n conocido como Bug ID CSCue55093."}], "lastModified": "2013-03-06T17:22:55.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9033AA05-35F6-466B-B7C2-7E6D17CE7137"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}