How severe is CVE-2019-12711?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2019-12711?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2019-12711 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to an affected system that contain references in XML entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition.

Related Vulnerabilities

CVE-2022-0198

MEDIUM

CVSS:6.1(Medium)

corenlp is vulnerable to Improper Restriction of XML External Entity Reference

CWE-6112022

CVE-2023-0871

MEDIUM

CVSS:6.1(Medium)

XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instan...

CWE-6112023

CVE-2019-0284

MEDIUM

CVSS:6.0(Medium)

SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a r...

CWE-6112019

CVE-2023-20030

MEDIUM

CVSS:6.0(Medium)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side reque...

CWE-6112023

CVE-2016-6805

MEDIUM

CVSS:5.9(Medium)

Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.

CWE-6112016

CVE-2017-6344

MEDIUM

CVSS:5.9(Medium)

XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document.

CWE-6112017