CVE-2013-3380

Published: Jun 12, 2013Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.

Affected (1)

Products: Cisco: Secure Access Control Server Solution Engine

1 product

Secure Access Control Server Solution Engine

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Secure Access Control Server Solution Engine	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3380

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3380

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.