5 matches found
CVE-2014-3297
Cisco Intelligent Automation for Cloud in Cisco Cloud Portal contains a vulnerability in the MyServices action URLs where sensitive information can be exposed due to improper content restrictions. An authenticated, remote attacker could read sensitive data from web-server access logs, Referer log...
CVE-2014-3298
The CVE-2014-3298 issue affects Cisco Intelligent Automation for Cloud, specifically the Cloud Portal’s Form Data Viewer Utility. The root cause is that passwords are placed in form data and can be read from the HTML source of the vulnerable page, enabling an authenticated, remote attacker to obt...
CVE-2014-3350
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) is affected by CVE-2014-3350 due to improper sanitization of redirect URLs, enabling an authenticated remote attacker to obtain sensitive information via crafted URLs. The issue arises from URL redirection handling in the product. Th...
CVE-2014-3351
Cisco Intelligent Automation for Cloud (Cisco Cloud Portal) is affected by CVE-2014-3351 due to a failure to properly validate NULL sessions. An unauthenticated, remote attacker could send crafted packets to an affected device and view sensitive information, per Cisco’s advisory (Bug IDs CSCuh873...
CVE-2014-3349
Cisco Intelligent Automation for Cloud (Cisco Cloud Portal) suffers an arbitrary file upload vulnerability due to insufficient input validation of file types during file submission. An authenticated, remote attacker could submit a crafted file to an affected device, enabling arbitrary file upload...