CVE-2013-3380

{"id": "CVE-2013-3380", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-06-12T03:30:15.243", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3380", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279."}, {"lang": "es", "value": "La interfaz Web de administraci\u00f3n en el Access Control Server en Cisco Secure Access Control System (ACS) no restringe correctamente la p\u00e1gina de vista de informe, permitiendo a los usuarios autenticados remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa, tambi\u00e9n conocido como Bug ID CSCue79279."}], "lastModified": "2018-10-30T16:25:02.903", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:secure_access_control_server_solution_engine:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EF4FCB3-CA89-4F76-B84B-5BE789AAB413"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}