CVE-2017-12216
https://notcve.org/view.php?id=CVE-2017-12216
A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946. Una vulnerabilidad en la interfaz de usuario web de Cisco SocialMiner podría permitir a un atacante remoto no autenticado tener acceso de lectura y escritura a la información almacenada en el sistema afectado. • http://www.securityfocus.com/bid/100664 http://www.securitytracker.com/id/1039274 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2017-6702
https://notcve.org/view.php?id=CVE-2017-6702
A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affected Releases: 11.5(1). Una vulnerabilidad en el framework Web de SocialMiner de Cisco, podría permitir a un atacante remoto no identificado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz web de un sistema afectado. Más información: CSCve15285. • http://www.securityfocus.com/bid/99205 http://www.securitytracker.com/id/1038738 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-6356
https://notcve.org/view.php?id=CVE-2015-6356
Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212. Vulnerabilidad de XSS en la página WeChat en Cisco Social Miner 10.0(1) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, también conocido como Bug ID CSCuw60212. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151103-csm http://www.securitytracker.com/id/1034048 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-5492
https://notcve.org/view.php?id=CVE-2013-5492
administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780. administration.jsp en Cisco SocialMiner permite a atacantes remotos obtener información sensible mediante la captura de tráfico de red para tráfico HTTP cliente-servidor. Aka Bug ID CSCuh76780. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5492 http://www.securitytracker.com/id/1029033 • CWE-310: Cryptographic Issues •
CVE-2013-5489
https://notcve.org/view.php?id=CVE-2013-5489
The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuh74125. El gadget implementación en Cisco SocialMiner no restringe apropiadamente el contenido de peticiones GET, lo que permite a atacantes remotos obtener información sensible leyendo logs de acceso del servidor web(1) , logs Referer del servidor web(2) o el historial de navegación . Conocido tambien como Bug ID CSCuh74125. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5489 http://tools.cisco.com/security/center/viewAlert.x?alertId=30734 https://exchange.xforce.ibmcloud.com/vulnerabilities/86965 • CWE-264: Permissions, Privileges, and Access Controls •