CVE-2014-3297
Summary
| CVE | CVE-2014-3297 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-07-02 10:35:00 UTC |
| Updated | 2015-12-03 18:37:00 UTC |
| Description | Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug IDs CSCui36937, CSCui37004, and CSCui36927. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Cloud Portal | - | All | All | All |
| Application | Cisco | Cloud Portal | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Cloud Portal Discloses Potentially Sensitive Information to Remote Authenticated Users - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Security Advisory SA59401 - Cisco Intelligent Automation for Cloud Password Disclosure Security Issue - Secunia | SECUNIA | secunia.com | |
| Cisco Cloud Portal CVE-2014-3297 Multiple Information Disclosure Vulnerabilities | BID | www.securityfocus.com | |
| 20140701 Cisco Intelligent Automation for Cloud MyServices Vulnerabilities | CISCO | tools.cisco.com | Vendor Advisory |
| tools.cisco.com/security/center/viewAlert.x | CONFIRM | tools.cisco.com | Vendor Advisory |
| Security Advisory SA58985 - Cisco Intelligent Automation for Cloud Multiple Information Disclosure Security Issues - Secunia | SECUNIA | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.