CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-12216

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.016

EPSS Ranking 80.8%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

http://www.securityfocus.com/bid/100664
http://www.securitytracker.com/id/1039274
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin
http://www.securityfocus.com/bid/100664
http://www.securitytracker.com/id/1039274
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin

Products affected by CVE-2017-12216

Cisco » Socialminer » Version: N/A

cpe:2.3:a:cisco:socialminer:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-12216

Products

Pricing

Contact Us