Sign-up

ID

VAR-201407-0363


CVE

CVE-2014-3297


TITLE

Cisco Cloud Portal of Cisco Intelligent Automation for Cloud Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-003111

DESCRIPTION

Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug IDs CSCui36937, CSCui37004, and CSCui36927. An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. These issues is being tracked by Cisco BugIds CSCui36937, CSCui37004 and CSCui36927. The solution provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures

Trust: 1.98

sources: NVD: CVE-2014-3297 // JVNDB: JVNDB-2014-003111 // BID: 68308 // VULHUB: VHN-71237

AFFECTED PRODUCTS

vendor:ciscomodel:cloud portalscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:cloud portalscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2014-003111 // CNNVD: CNNVD-201407-066 // NVD: CVE-2014-3297

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3297
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3297
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201407-066
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71237
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3297
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71237
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71237 // JVNDB: JVNDB-2014-003111 // CNNVD: CNNVD-201407-066 // NVD: CVE-2014-3297

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-71237 // JVNDB: JVNDB-2014-003111 // NVD: CVE-2014-3297

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-066

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201407-066

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003111

PATCH
title:Cisco Intelligent Automation for Cloud MyServices Vulnerabilitiesurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3297
Trust: 0.8
title:34834url:http://tools.cisco.com/security/center/viewAlert.x?alertId=34834
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003111

EXTERNAL IDS
db:NVDid:CVE-2014-3297
Trust: 2.8
db:BIDid:68308
Trust: 1.4
db:SECUNIAid:58985
Trust: 1.1
db:SECUNIAid:59401
Trust: 1.1
db:SECTRACKid:1030510
Trust: 1.1
db:JVNDBid:JVNDB-2014-003111
Trust: 0.8
db:CNNVDid:CNNVD-201407-066
Trust: 0.7
db:VULHUBid:VHN-71237
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71237 // 
            
            
            
            BID: 68308 // 
            
            
            
            JVNDB: JVNDB-2014-003111 // 
            
            
            
            CNNVD: CNNVD-201407-066 // 
            
            
            
            NVD: CVE-2014-3297

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3297
Trust: 1.7
url:http://www.securityfocus.com/bid/68308
Trust: 1.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=34834
Trust: 1.1
url:http://www.securitytracker.com/id/1030510
Trust: 1.1
url:http://secunia.com/advisories/58985
Trust: 1.1
url:http://secunia.com/advisories/59401
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3297
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3297
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71237 // 
            
            
            
            BID: 68308 // 
            
            
            
            JVNDB: JVNDB-2014-003111 // 
            
            
            
            CNNVD: CNNVD-201407-066 // 
            
            
            
            NVD: CVE-2014-3297

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 68308

SOURCES
db:VULHUBid:VHN-71237
db:BIDid:68308
db:JVNDBid:JVNDB-2014-003111
db:CNNVDid:CNNVD-201407-066
db:NVDid:CVE-2014-3297

LAST UPDATE DATE
2025-04-13T23:26:50.337000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71237date:2015-12-03T00:00:00
db:BIDid:68308date:2014-07-08T07:47:00
db:JVNDBid:JVNDB-2014-003111date:2014-08-06T00:00:00
db:CNNVDid:CNNVD-201407-066date:2014-07-03T00:00:00
db:NVDid:CVE-2014-3297date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-71237date:2014-07-02T00:00:00
db:BIDid:68308date:2014-07-01T00:00:00
db:JVNDBid:JVNDB-2014-003111date:2014-07-03T00:00:00
db:CNNVDid:CNNVD-201407-066date:2014-07-03T00:00:00
db:NVDid:CVE-2014-3297date:2014-07-02T10:35:25.547