Cisco Cloud Portal Software gives up too much information

According to the National Vulnerability Database

Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history

———————————————————————————————

This vulnerability is medium, and although is not a direct access vulnerability, it allows an attacker an in, and slowly with more and more information they can make a case to attack within other methods and directions.

 

Cisco Link about Intelligent Automation vulnerability.