A vulnerability in the web framework of Cisco Enterprise License Manager could allow an unauthenticated, remote attacker to view sensitive data.

The vulnerability is due to insufficient protection of database tables.

An attacker could exploit this vulnerability by browsing to a specific URL.

An exploit could allow the attacker to view data library information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-elm

Security Impact Rating: Medium

CVE: CVE-2018-0105

Leave a Reply