CVE-2015-0758

{"id": "CVE-2015-0758", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-05-30T14:59:05.660", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39130", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1032448", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452."}, {"lang": "es", "value": "La interfaz del usuario basado en web en Cisco Unified MeetingPlace 8.6(1.9) permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de un documento XML que contiene una declaraci\u00f3n de entidad externa en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE), tambi\u00e9n conocido como Bug ID CSCus97452."}], "lastModified": "2017-01-04T14:56:47.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_meetingplace:8.6\\(1.9\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C47E11F-0218-4C33-B59D-8854640B3204"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}