CVE-2013-3406

Name of the Vulnerable Software and Affected Versions Cisco Services Portal version 9.4(1)

Description The issue allows remote authenticated users to read arbitrary files via a crafted request. This is related to the "Files Available for Download" implementation in the Cisco Intelligent Automation for Cloud component.

Recommendations For Cisco Services Portal version 9.4(1), consider restricting access to sensitive files and directories until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.