CVE-2013-3380 Information

Description

The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page which allows remote authenticated users to obtain sensitive information via a direct request aka Bug ID CSCue79279.

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3380