The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote malicious users to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco identity services engine software 1.3\\(0.722\\) |
||
cisco identity services engine software 1.2\\(1.901\\) |