Cloud Portal Security Vulnerabilities and Issues — Cloud Portal CVE List

Lucene search

CiscoCloud Portal

9 matches found

CVE•added 2014/07/02 10:35 a.m.•40 views

CVE-2014-3297

Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka ...

4CVSS6AI score0.0044EPSS

CVE•added 2014/03/14 10:55 a.m.•37 views

CVE-2014-0694

Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772...

5CVSS6.9AI score0.0025EPSS

CVE•added 2014/07/02 10:35 a.m.•37 views

CVE-2014-3298

Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976.

4CVSS5.8AI score0.00306EPSS

CVE•added 2014/08/29 10:0 a.m.•35 views

CVE-2014-3350

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870.

4CVSS5.8AI score0.00273EPSS

CVE•added 2013/12/10 6:14 a.m.•32 views

CVE-2013-6708

Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889.

5CVSS6.8AI score0.00968EPSS

CVE•added 2014/08/30 10:0 a.m.•32 views

CVE-2014-3352

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCu...

4.3CVSS6.4AI score0.01049EPSS

CVE•added 2014/08/29 10:0 a.m.•30 views

CVE-2014-3349

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410.

4CVSS6.6AI score0.00265EPSS

CVE•added 2014/08/29 10:0 a.m.•30 views

CVE-2014-3351

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380.

5CVSS6.4AI score0.00272EPSS

CVE•added 2013/02/27 12:55 a.m.•28 views

CVE-2013-1139

The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.

4CVSS5.8AI score0.00153EPSS