Lucene search
CiscoCVE-2015-0757HistoryMay 29, 2015 - 3:59 p.m.
CVE-2015-0757
2015-05-2915:59:11
CWE-200
cisco
web.nvd.nist.gov
24
cisco
ise
web framework
vulnerability
remote attackers
sensitive information
nvd
cve-2015-0757
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.002
Percentile
53.0%
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.
Affected configurations
Node
ciscoidentity_services_engine_softwareMatch1.2\(1.901\)
ORciscoidentity_services_engine_softwareMatch1.3\(0.722\)
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | identity_services_engine_software | 1.2(1.901) | cpe:2.3:a:cisco:identity_services_engine_software:1.2\(1.901\):*:*:*:*:*:*:* |
| cisco | identity_services_engine_software | 1.3(0.722) | cpe:2.3:a:cisco:identity_services_engine_software:1.3\(0.722\):*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2015-05-29 15:59:00
nvd
nvd
CVE-2015-0757
2015-05-29 15:59:11
cisco
cisco
Cisco Identity Services Engine Information Disclosure Vulnerability
2015-05-27 21:54:02
cvelist
cvelist
CVE-2015-0757
2015-05-29 15:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.002
Percentile
53.0%
Related for CVE-2015-0757