SQL Injection Vulnerability in Cisco ISE Sponsor Portal: Unauthorized Access to Notices

SQL Injection Vulnerability in Cisco ISE Sponsor Portal: Unauthorized Access to Notices

CVE-2017-3835 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908).

Learn more about our Cis Benchmark Audit For Cisco.