Information Disclosure in Cisco Intelligent Automation for Cloud
CVE-2014-3297

Currently unrated

Key Information:

Vendor: Cisco
Status: Cloud Portal
Vendor: CVE Published:; 2 July 2014

What is CVE-2014-3297?

The Cisco Intelligent Automation for Cloud in Cisco Cloud Portal is susceptible to an information disclosure vulnerability due to improper restrictions on MyServices action URLs. This flaw permits remote authenticated users to access sensitive information, potentially allowing them to view web-server access logs, Referer logs, or browser history. It is crucial for organizations using this software to implement the necessary updates and security measures to mitigate these risks.

References

http://secunia.com/advisories/59401

third-party-advisoryx_refsource_SECUNIA

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/68308

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2014
Vulnerability Reserved
May 7, 2014