Pieter Vlasblom

**Name of the Vulnerable Software and Affected Versions** Cisco Common Services Platform Collector (affected versions not specified) **Description** The issue is related to the web-based management interface of Cisco Common Services Platform Collector, where errors occur when responding to a correct API request. This could allow a remote attacker to access sensitive data by sending a specially crafted HTTP request to the vulnerable application. The vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit this by sending a crafted HTTP request, potentially obtaining sensitive information about the application's users, including security questions and answers. To exploit this, an attacker would need valid Administrator credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.