Sign-up

ID

VAR-201407-0364


CVE

CVE-2014-3298


TITLE

Cisco Cloud Portal of Cisco Intelligent Automation for Cloud of Form Data Viewer Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-003112

DESCRIPTION

Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976. Cisco Cloud Portal is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to gain access to passwords that may aid in further attacks. These issues are being tracked by Cisco BugId CSCui36976. The solution provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures

Trust: 1.98

sources: NVD: CVE-2014-3298 // JVNDB: JVNDB-2014-003112 // BID: 68309 // VULHUB: VHN-71238

AFFECTED PRODUCTS

vendor:ciscomodel:cloud portalscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:cloud portalscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2014-003112 // CNNVD: CNNVD-201407-067 // NVD: CVE-2014-3298

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3298
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3298
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201407-067
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71238
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3298
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71238
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71238 // JVNDB: JVNDB-2014-003112 // CNNVD: CNNVD-201407-067 // NVD: CVE-2014-3298

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-71238 // JVNDB: JVNDB-2014-003112 // NVD: CVE-2014-3298

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-067

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201407-067

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003112

PATCH
title:Cisco Intelligent Automation for Cloud Form Data Viewer Utility Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3298
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003112

EXTERNAL IDS
db:NVDid:CVE-2014-3298
Trust: 2.8
db:BIDid:68309
Trust: 1.4
db:SECUNIAid:58985
Trust: 1.1
db:SECTRACKid:1030511
Trust: 1.1
db:JVNDBid:JVNDB-2014-003112
Trust: 0.8
db:CNNVDid:CNNVD-201407-067
Trust: 0.7
db:VULHUBid:VHN-71238
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71238 // 
            
            
            
            BID: 68309 // 
            
            
            
            JVNDB: JVNDB-2014-003112 // 
            
            
            
            CNNVD: CNNVD-201407-067 // 
            
            
            
            NVD: CVE-2014-3298

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3298
Trust: 1.7
url:http://www.securityfocus.com/bid/68309
Trust: 1.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=34833
Trust: 1.1
url:http://www.securitytracker.com/id/1030511
Trust: 1.1
url:http://secunia.com/advisories/58985
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3298
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3298
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71238 // 
            
            
            
            BID: 68309 // 
            
            
            
            JVNDB: JVNDB-2014-003112 // 
            
            
            
            CNNVD: CNNVD-201407-067 // 
            
            
            
            NVD: CVE-2014-3298

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 68309

SOURCES
db:VULHUBid:VHN-71238
db:BIDid:68309
db:JVNDBid:JVNDB-2014-003112
db:CNNVDid:CNNVD-201407-067
db:NVDid:CVE-2014-3298

LAST UPDATE DATE
2025-04-13T23:26:50.368000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71238date:2015-12-03T00:00:00
db:BIDid:68309date:2014-07-01T00:00:00
db:JVNDBid:JVNDB-2014-003112date:2014-07-03T00:00:00
db:CNNVDid:CNNVD-201407-067date:2014-07-03T00:00:00
db:NVDid:CVE-2014-3298date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-71238date:2014-07-02T00:00:00
db:BIDid:68309date:2014-07-01T00:00:00
db:JVNDBid:JVNDB-2014-003112date:2014-07-03T00:00:00
db:CNNVDid:CNNVD-201407-067date:2014-07-03T00:00:00
db:NVDid:CVE-2014-3298date:2014-07-02T10:35:25.597