Information Disclosure Vulnerability in Management Center (MC) REST API Allows Unauthorized Access to Passwords

Information Disclosure Vulnerability in Management Center (MC) REST API Allows Unauthorized Access to Passwords

CVE-2019-9697 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.

Learn more about our Cis Benchmark Audit For Server Software.