A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users.
The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by using SQL injection techniques in crafted HTTP POST requests to an affected system. A successful exploit could allow the attacker to view or delete notices owned by other users of the system. The notices may contain guest credentials in clear text.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | identity_services_engine_software | any | cpe:2.3:a:cisco:identity_services_engine_software:any:*:*:*:*:*:*:* |