CVE-2018-15429

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based UI of an affected system. A successful exploit could allow the attacker to access files that may contain sensitive data.

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

Severity	MEDIUM
CVSS	5.3
EPSS	0.70% EPSS medium
CWE	CWE-20
KEV
Published	7 years ago
Modified	1 year ago

Products with public affected evidence

Product	Advisory	Affected evidence
Cisco HyperFlex HX Data Platform	cisco-sa-20181003-hyperflex-uda	structured affected CSAF product_status