CVE-2018-15448

Name of the Vulnerable Software and Affected Versions: Cisco Registered Envelope Service (CRES) (affected versions not specified)

Description: The issue is related to the user management functions of Cisco Registered Envelope Service, where an insecure configuration allows improper indexing, potentially revealing sensitive user information. An unauthenticated, remote attacker could exploit this by using a search engine to look for specific data strings, allowing them to discover certain sensitive information about the application, including usernames. This could enable the attacker to conduct additional reconnaissance attacks.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.