CVE-2018-15429

CWE-20 — Improper Input Validation CWE-862 — Missing Authorization5 documents5 sources

Severity

5.3MEDIUM

EPSS

0.7%

top 28.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Hyperflex HX Data Platform Cisco Hyperflex HX Data Platform

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based UI of an affected system. A successful exploit could allow the attacker to access files that may contain sensitive data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDcisco/hyperflex_hx_data_platform2.6\(1d\), 3.0\(1a\)+1

▶CVEListV5cisco/cisco_hyperflex_hx_data_platformn/a

🔴Vulnerability Details

GHSA

GHSA-h2f3-v6c8-jmmw: A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive i↗2022-05-13

▶

CVEList

Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability↗2018-10-05

▶

📋Vendor Advisories

Cisco

Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability↗2018-10-03

▶

💬Community

Bugzilla

qt5-qtwebengine: 16 security vulnerabilities↗2018-03-24

▶