CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2013-1225
https://notcve.org/view.php?id=CVE-2013-1225
Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366. Cisco Unified Customer Voice Portal (CVP) Software anterior a v9.0.1 ES v11 permite a atacantes remotos leer ficheros arbitrarios a través de peticiones Resource Manager (1) HTTP ó (2) HTTPS que contienen una entidad externa junto con una referencia declarada, relacionada con un asunto XML External Entity (XEE), también conocido como Bug ID CSCub38366. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2008-2053
https://notcve.org/view.php?id=CVE-2008-2053
Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) 4.0.x before 4.0(2)_ES14, 4.1.x before 4.1(1)_ES11, and 7.x before 7.0(1) allows remote authenticated users with administrator role privileges to create, modify, or delete a superuser account. Vulnerabilidad sin especificar en Cisco Unified Customer Voice Portal (CVP) 4.0.x anterior a 4.0(2)_ES14, 4.1.x anterior a 4.1(1)_ES11 y 7.x anterior 7.0(1), permite a usuarios autenticados remotamente con privilegios del rol de administrador el crear, modificar o eliminar cuentas de superusuario. • http://secunia.com/advisories/30289 http://securitytracker.com/id?1020080 http://www.cisco.com/en/US/products/products_security_advisory09186a008099beae.shtml http://www.securityfocus.com/bid/29315 http://www.vupen.com/english/advisories/2008/1603/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42564 •