CVE-2013-1225
Last modified
CVE-2013-1225 is a vulnerability of currently unknown severity. Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366.. EPSS estimates a 1.59% chance of exploitation in the next 30 days.
Description
Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Cisco | Unified Customer Voice Portal | <= 9.0\(1\) | — |
| Cisco | Unified Customer Voice Portal | 3.0 | Sr1 |
| Cisco | Unified Customer Voice Portal | 3.6\(10\) | Es01 |
| Cisco | Unified Customer Voice Portal | 4.0 | — |
| Cisco | Unified Customer Voice Portal | 4.0\(2\) | — |
| Cisco | Unified Customer Voice Portal | 4.1 | — |
| Cisco | Unified Customer Voice Portal | 7.0 | — |
| Cisco | Unified Customer Voice Portal | 7.0\(2\) | — |
| Cisco | Unified Customer Voice Portal | 8.0\(1\) | — |
| Cisco | Unified Customer Voice Portal | 8.5\(1\) | — |
| Cisco | Unified Customer Voice Portal | 9.0 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-1225?
How severe is CVE-2013-1225?
How do I fix CVE-2013-1225?
Are you affected by CVE-2013-1225?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST