How severe is CVE-2017-12216?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2017-12216?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2017-12216 - HIGH Severity | CVSS 8.8

Vulnerability Description

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946.

Related Vulnerabilities

CVE-2015-5173

HIGH

CVSS:8.8(High)

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with...

CWE-2002015

CVE-2016-0286

HIGH

CVSS:8.8(High)

IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote authenticated users to obtain administrator passwords by leveraging unspecifie...

CWE-2002016

CVE-2016-10314

HIGH

CVSS:8.8(High)

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to read p...

CWE-2002016

CVE-2016-10533

HIGH

CVSS:8.8(High)

express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send ...

CWE-2002016

CVE-2016-10809

HIGH

CVSS:8.8(High)

In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).

CWE-2002016

CVE-2016-10810

HIGH

CVSS:8.8(High)

In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).

CWE-2002016