CVE-2015-0757

Published: May 29, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.

Affected (2)

Products: Cisco: Identity Services Engine Software

1 product

Identity Services Engine Software

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Identity Services Engine Software	Version 1.2(1.901)
Cisco Identity Services Engine Software	Version 1.3(0.722)

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://tools.cisco.com/security/center/viewAlert.x?alertId=39042

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/74864

Source: psirt@cisco.com

http://www.securitytracker.com/id/1032420

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/viewAlert.x?alertId=39042

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/74864

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032420

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.