Sign-up

ID

VAR-201408-0170


CVE

CVE-2014-3350


TITLE

Cisco Intelligent Automation for Cloud Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-003992

DESCRIPTION

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870. Vendors have confirmed this vulnerability Bug ID CSCuh84870 It is released as.Crafted by remotely authenticated users URL You may get important information through. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. This issue is being tracked by Cisco Bug ID CSCuh84870. The solution provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures. A remote attacker can exploit this vulnerability to obtain sensitive information through a specially crafted URL

Trust: 1.98

sources: NVD: CVE-2014-3350 // JVNDB: JVNDB-2014-003992 // BID: 69457 // VULHUB: VHN-71290

AFFECTED PRODUCTS

vendor:ciscomodel:cloud portalscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:cloud portalscope:lteversion:2008.3_sp9

Trust: 0.8

sources: JVNDB: JVNDB-2014-003992 // CNNVD: CNNVD-201408-463 // NVD: CVE-2014-3350

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3350
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3350
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201408-463
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71290
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3350
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71290
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71290 // JVNDB: JVNDB-2014-003992 // CNNVD: CNNVD-201408-463 // NVD: CVE-2014-3350

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-71290 // JVNDB: JVNDB-2014-003992 // NVD: CVE-2014-3350

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-463

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201408-463

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003992

PATCH
title:Cisco Intelligent Automation for Cloud URL Redirection Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3350
Trust: 0.8
title:35478url:http://tools.cisco.com/security/center/viewAlert.x?alertId=35478
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003992

EXTERNAL IDS
db:NVDid:CVE-2014-3350
Trust: 2.8
db:BIDid:69457
Trust: 1.4
db:SECTRACKid:1030784
Trust: 1.1
db:JVNDBid:JVNDB-2014-003992
Trust: 0.8
db:CNNVDid:CNNVD-201408-463
Trust: 0.7
db:VULHUBid:VHN-71290
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71290 // 
            
            
            
            BID: 69457 // 
            
            
            
            JVNDB: JVNDB-2014-003992 // 
            
            
            
            CNNVD: CNNVD-201408-463 // 
            
            
            
            NVD: CVE-2014-3350

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3350
Trust: 1.7
url:http://www.securityfocus.com/bid/69457
Trust: 1.1
url:http://www.securitytracker.com/id/1030784
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95587
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3350
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3350
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71290 // 
            
            
            
            BID: 69457 // 
            
            
            
            JVNDB: JVNDB-2014-003992 // 
            
            
            
            CNNVD: CNNVD-201408-463 // 
            
            
            
            NVD: CVE-2014-3350

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 69457

SOURCES
db:VULHUBid:VHN-71290
db:BIDid:69457
db:JVNDBid:JVNDB-2014-003992
db:CNNVDid:CNNVD-201408-463
db:NVDid:CVE-2014-3350

LAST UPDATE DATE
2025-04-13T23:41:28.020000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71290date:2017-08-29T00:00:00
db:BIDid:69457date:2014-09-01T01:03:00
db:JVNDBid:JVNDB-2014-003992date:2014-09-01T00:00:00
db:CNNVDid:CNNVD-201408-463date:2014-09-01T00:00:00
db:NVDid:CVE-2014-3350date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-71290date:2014-08-29T00:00:00
db:BIDid:69457date:2014-08-28T00:00:00
db:JVNDBid:JVNDB-2014-003992date:2014-09-01T00:00:00
db:CNNVDid:CNNVD-201408-463date:2014-08-29T00:00:00
db:NVDid:CVE-2014-3350date:2014-08-29T09:55:08.213