CVE-2017-12216
Summary
| CVE | CVE-2017-12216 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-09-07 21:29:00 UTC |
| Updated | 2019-10-09 23:22:00 UTC |
| Description | A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946. |
Risk And Classification
Problem Types: CWE-611
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | SocialMiner | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco SocialMiner CVE-2017-12216 XML External Entity Injection Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco SocialMiner XML External Entity Processing Flaw Lets Remote Users Read and Write Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Cisco SocialMiner XML External Entity Injection Vulnerability | CONFIRM | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.