Sensitive Information Exposure in Cisco SocialMiner
CVE-2013-5489

Currently unrated

Key Information:

Vendor: Cisco
Status: Socialminer
Vendor: CVE Published:; 13 September 2013

Summary

The gadget implementation in Cisco SocialMiner fails to effectively restrict the content of GET requests, which can inadvertently expose sensitive user data. This vulnerability potentially allows unauthorized remote attackers to gain access to critical information by reading web-server access logs, web-server Referer logs, or even the browser history. Such information exposure could lead to further security risks if exploited.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/86965

vdb-entryx_refsource_XF

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Sep 13, 2013
Vulnerability Reserved
Aug 22, 2013