CVE-2013-1140

Published: Mar 6, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093.

Affected (1)

Products: Cisco: Security Monitoring Analysis And Response System

1 product

Security Monitoring Analysis And Response System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Security Monitoring Analysis And Response System	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.