CVE-2013-1139

Name of the Vulnerable Software and Affected Versions Cisco Cloud Portal versions 9.1 SP1 through 9.1 SP2 Cisco Cloud Portal versions 9.3 through 9.3.2

Description The issue concerns the nsAPI interface, which fails to properly check privileges. This allows remote authenticated users to obtain sensitive information by using a crafted URL.

Recommendations For Cisco Cloud Portal versions 9.1 SP1 and 9.1 SP2, update to a version that properly checks privileges for the nsAPI interface. For Cisco Cloud Portal versions 9.3 through 9.3.2, update to a version that properly checks privileges for the nsAPI interface. As a temporary workaround, consider restricting access to the nsAPI interface until a patch is available.