CVE-2014-3297

Sažetak

Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug IDs CSCui36937, CSCui37004, and CSCui36927.

Reference

http://secunia.com/advisories/58985
http://secunia.com/advisories/59401
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3297
http://tools.cisco.com/security/center/viewAlert.x?alertId=34834
http://www.securityfocus.com/bid/68308
http://www.securitytracker.com/id/1030510

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

03-12-2015 - 18:37

Objavljeno

02-07-2014 - 10:35