CVE-2014-3298
Summary
| CVE | CVE-2014-3298 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-07-02 10:35:00 UTC |
| Updated | 2015-12-03 18:38:00 UTC |
| Description | Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976. |
Risk And Classification
Problem Types: CWE-255
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Cloud Portal | - | All | All | All |
| Application | Cisco | Cloud Portal | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Cloud Portal Form Data Viewer Multiple Information Disclosure Vulnerabilities | BID | www.securityfocus.com | |
| 20140701 Cisco Intelligent Automation for Cloud Form Data Viewer Utility Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Security Advisory SA58985 - Cisco Intelligent Automation for Cloud Multiple Information Disclosure Security Issues - Secunia | SECUNIA | secunia.com | |
| tools.cisco.com/security/center/viewAlert.x | CONFIRM | tools.cisco.com | Vendor Advisory |
| Cisco Cloud Portal Discloses Passwords to Remote Authenticated Users - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.