CVE-2019-1860

Name of the Vulnerable Software and Affected Versions Cisco Unified Intelligence Center (affected versions not specified)

Description The issue is related to incorrect resource identifier control in the monitoring panel of Cisco Unified Intelligence Center. It could allow a remote attacker to impact the confidentiality and integrity of protected information using a specially crafted gadget. The vulnerability is due to the lack of gadget validation, which could be exploited by forcing a user to load a malicious gadget, potentially allowing the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user's browser and Cisco Unified Intelligence Center.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.