exploitDog

CVE-2013-3380

Опубликовано: 12 июн. 2013

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3380
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3380
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:h:cisco:secure_access_control_server_solution_engine:-:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00143

Низкий

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-jw22-cx5q-mmw5

github

больше 3 лет назад

The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.

EPSS

Процентиль: 35%

0.00143

Низкий

4 Medium

CVSS2

Дефекты

CWE-200