CVE-2015-0581

CVE Database · CVE-2015-0581

CVE-2015-0581

· N/AModified

CVSS v3.1

N/A

EPSS

2.37%

Published

Jan 28, 2015

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880.

Affected Products (1)

cisco · prime_service_catalogvulnerable

References (6)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee

Vendor Advisory

http://www.securityfocus.com/bid/72350

http://www.securitytracker.com/id/1031658

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee

Vendor Advisory

http://www.securityfocus.com/bid/72350

http://www.securitytracker.com/id/1031658

KEV Catalog EPSS Scores Vendors All CVEs