CVE-2015-0757
Cisco Identity Services Engine 1.2(1.901)/1.3(0.722) Sensitive Information Exposure
Title source: llmDescription
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=39042
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74864
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032420
Scores
EPSS
0.0247
EPSS Percentile
82.6%
Details
CWE
CWE-200
Status
published
Products (2)
cisco/identity_services_engine_software
1.2\(1.901\)
cisco/identity_services_engine_software
1.3\(0.722\)
Published
May 29, 2015
Tracked Since
Feb 18, 2026