{"api_version":"1","generated_at":"2026-05-05T23:00:52+00:00","cve":"CVE-2014-3297","urls":{"html":"https://cve.report/CVE-2014-3297","api":"https://cve.report/api/cve/CVE-2014-3297.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-3297","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-3297"},"summary":{"title":"CVE-2014-3297","description":"Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug IDs CSCui36937, CSCui37004, and CSCui36927.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2014-07-02 10:35:00","updated_at":"2015-12-03 18:37:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id/1030510","name":"1030510","refsource":"SECTRACK","tags":[],"title":"Cisco Cloud Portal Discloses Potentially Sensitive Information to Remote Authenticated Users - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/59401","name":"59401","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA59401 - Cisco Intelligent Automation for Cloud Password Disclosure Security Issue - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/68308","name":"68308","refsource":"BID","tags":[],"title":"Cisco Cloud Portal CVE-2014-3297 Multiple Information Disclosure Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3297","name":"20140701 Cisco Intelligent Automation for Cloud MyServices Vulnerabilities","refsource":"CISCO","tags":["Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://tools.cisco.com/security/center/viewAlert.x?alertId=34834","name":"http://tools.cisco.com/security/center/viewAlert.x?alertId=34834","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/58985","name":"58985","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA58985 - Cisco Intelligent Automation for Cloud Multiple Information Disclosure Security Issues - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-3297","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3297","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"3297","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"cloud_portal","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3297","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"cloud_portal","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2014-3297","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug IDs CSCui36937, CSCui37004, and CSCui36927."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"59401","refsource":"SECUNIA","url":"http://secunia.com/advisories/59401"},{"name":"http://tools.cisco.com/security/center/viewAlert.x?alertId=34834","refsource":"CONFIRM","url":"http://tools.cisco.com/security/center/viewAlert.x?alertId=34834"},{"name":"68308","refsource":"BID","url":"http://www.securityfocus.com/bid/68308"},{"name":"58985","refsource":"SECUNIA","url":"http://secunia.com/advisories/58985"},{"name":"20140701 Cisco Intelligent Automation for Cloud MyServices Vulnerabilities","refsource":"CISCO","url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3297"},{"name":"1030510","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1030510"}]}},"nvd":{"publishedDate":"2014-07-02 10:35:00","lastModifiedDate":"2015-12-03 18:37:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:cloud_portal:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"3297","Ordinal":"70248","Title":"CVE-2014-3297","CVE":"CVE-2014-3297","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"3297","Ordinal":"1","NoteData":"Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug IDs CSCui36937, CSCui37004, and CSCui36927.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"3297","Ordinal":"2","NoteData":"2014-07-02","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"3297","Ordinal":"3","NoteData":"2014-07-22","Type":"Other","Title":"Modified"}]}}}