Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XIQ‑SE NAC Admin Credential Exposure via HTTP Response
Vulnerability Description
In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns the underlying credential values in the HTTP response, enabling an authorized administrator to recover stored secrets that may exceed their intended access. We would like to thank the Lockheed Martin Red Team for responsibly reporting this issue and working with us through coordinated disclosure.
CVSS Information
N/A
Vulnerability Type
不充分的凭证保护机制
Vulnerability Title
ExtremeCloud IQ Site Engine 安全漏洞
Vulnerability Description
ExtremeCloud IQ Site Engine是美国Extreme公司的一套集中式网络管理与控制平台。 ExtremeCloud IQ Site Engine 26.2.10之前版本存在安全漏洞,该漏洞源于NAC管理界面返回底层凭据值,可能导致授权管理员恢复存储的敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A