First published: Fri Oct 05 2018(Updated: )
A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based UI of an affected system. A successful exploit could allow the attacker to access files that may contain sensitive data.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco HyperFlex HX Data Platform | =2.6\(1d\) | |
Cisco HyperFlex HX Data Platform | =3.0\(1a\) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this Cisco HyperFlex HX Data Platform Software vulnerability is CVE-2018-15429.
CVE-2018-15429 has a severity rating of 5.3 (medium severity).
An attacker could exploit CVE-2018-15429 by sending unauthorized HTTP requests to access sensitive information on the affected system.
Versions 2.6(1d) and 3.0(1a) of Cisco HyperFlex HX Data Platform Software are affected by CVE-2018-15429.
More information about CVE-2018-15429 can be found at the following Cisco Security Advisory: [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-uda).