Описание
The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cisco:cloud_portal:9.1:sp1:*:*:*:*:*:*
cpe:2.3:a:cisco:cloud_portal:9.1:sp2:*:*:*:*:*:*
cpe:2.3:a:cisco:cloud_portal:9.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:cloud_portal:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:cloud_portal:9.3.2:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00153
Низкий
4 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.
EPSS
Процентиль: 36%
0.00153
Низкий
4 Medium
CVSS2
Дефекты
CWE-264