9 matches found
CVE-2014-3297
Cisco Intelligent Automation for Cloud in Cisco Cloud Portal contains a vulnerability in the MyServices action URLs where sensitive information can be exposed due to improper content restrictions. An authenticated, remote attacker could read sensitive data from web-server access logs, Referer log...
CVE-2014-0694
Cisco Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier contains fixed cryptographic material in binary files, enabling remote attackers to obtain cleartext data from any IAC installation with knowledge of the embedded key. Impact is confidential data leakage due to c...
CVE-2014-3298
The CVE-2014-3298 issue affects Cisco Intelligent Automation for Cloud, specifically the Cloud Portal’s Form Data Viewer Utility. The root cause is that passwords are placed in form data and can be read from the HTML source of the vulnerable page, enabling an authenticated, remote attacker to obt...
CVE-2014-3350
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) is affected by CVE-2014-3350 due to improper sanitization of redirect URLs, enabling an authenticated remote attacker to obtain sensitive information via crafted URLs. The issue arises from URL redirection handling in the product. Th...
CVE-2014-3352
CVE-2014-3352 affects Cisco Intelligent Automation for Cloud (Cisco Cloud Portal) 2008.3_SP9 and earlier. The root cause is improper handling of certain NULL sessions, leading to an information disclosure via crafted packets (the so-called iFrame vulnerability, Bug CSCuh84801). An unauthenticated...
CVE-2013-6708
Cisco Cloud Portal 9.4 contains an unauthenticated file download flaw where an attacker can read files via direct browser request due to insufficient access controls. The issue is documented in CVE-2013-6708 and Cisco’s advisory (Cisco-SA-20131209-CVE-2013-6708). Affected component is the web int...
CVE-2014-3351
Cisco Intelligent Automation for Cloud (Cisco Cloud Portal) is affected by CVE-2014-3351 due to a failure to properly validate NULL sessions. An unauthenticated, remote attacker could send crafted packets to an affected device and view sensitive information, per Cisco’s advisory (Bug IDs CSCuh873...
CVE-2014-3349
Cisco Intelligent Automation for Cloud (Cisco Cloud Portal) suffers an arbitrary file upload vulnerability due to insufficient input validation of file types during file submission. An authenticated, remote attacker could submit a crafted file to an affected device, enabling arbitrary file upload...
CVE-2013-1139
The CVE-2013-1139 issue affects Cisco Cloud Portal nsAPI interface in 9.1 SP1/SP2 and 9.3–9.3.2. It does not properly check privileges, enabling remote authenticated users to obtain sensitive information via a crafted URL (Bug CSCud81134). Documents show affected versions and the root cause (insu...