Vulnerability in Cisco Socialminer

CVE-2013-5489

The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3)…

EPSS: 0.003 (49.7th percentile) — read the EPSS interpretation.

Affected products

Cisco Socialminer
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

psirt@cisco.com (x_refsource_CONFIRM)
cisco-socialminer-cve20135489-info-disc(86965) (vdb-entry, x_refsource_XF)
20130910 Cisco SocialMiner Sensitive Information GET Request Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)