CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-15448

A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 78.3%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

http://www.securityfocus.com/bid/105862
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-res-info-disc
http://www.securityfocus.com/bid/105862
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-res-info-disc

Products affected by CVE-2018-15448

Cisco » Registered Envelope Service » Version: N/A

cpe:2.3:a:cisco:registered_envelope_service:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15448

Products

Pricing

Contact Us