CVE-2016-9012

Name of the Vulnerable Software and Affected Versions CloudVision Portal (CVP) versions prior to 2016.1.2.1

Description The issue allows remote authenticated users to gain access to internal configuration mechanisms via the management plane. This is related to a request to the "/web/system/console/bundle" API endpoint.

Recommendations For versions prior to 2016.1.2.1, update to version 2016.1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/web/system/console/bundle" API endpoint to minimize the risk of exploitation.