CVE-2015-6266

Cisco Identity Services Engine 1.2(0.899) - Information Disclosure via Guest Portal Uploaded HTML Documents

Title source: llm
STIX 2.1

Description

The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=40691
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033405

Scores

EPSS 0.0159
EPSS Percentile 72.6%

Details

CWE
CWE-287
Status published
Products (1)
cisco/identity_services_engine_software 1.2\(0.899\)
Published Aug 28, 2015
Tracked Since Feb 18, 2026