CVE-2014-3298

Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/58985
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3298	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=34833	Vendor Advisory
http://www.securityfocus.com/bid/68309
http://www.securitytracker.com/id/1030511
http://secunia.com/advisories/58985
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3298	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=34833	Vendor Advisory
http://www.securityfocus.com/bid/68309
http://www.securitytracker.com/id/1030511

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:cloud_portal:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:07

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/58985 -~~	() http://secunia.com/advisories/58985 -
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3298 - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3298 - Vendor Advisory
References	~~() http://tools.cisco.com/security/center/viewAlert.x?alertId=34833 - Vendor Advisory~~	() http://tools.cisco.com/security/center/viewAlert.x?alertId=34833 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/68309 -~~	() http://www.securityfocus.com/bid/68309 -
References	~~() http://www.securitytracker.com/id/1030511 -~~	() http://www.securitytracker.com/id/1030511 -

Information

Published : 2014-07-02 10:35

Updated : 2024-11-21 02:07

NVD link : CVE-2014-3298

Mitre link : CVE-2014-3298

CVE.ORG link : CVE-2014-3298

JSON object : View

Products Affected

cisco

cloud_portal

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2014-3298", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-07-02T10:35:25.597", "references": [{"url": "http://secunia.com/advisories/58985", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3298", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34833", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/68309", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1030511", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/58985", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3298", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34833", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/68309", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1030511", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976."}, {"lang": "es", "value": "Form Data Viewer en Cisco Intelligent Automation for Cloud en Cisco Cloud Portal coloca contrase\u00f1as en datos de formularios, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante la lectura del c\u00f3digo fuente HTML, tambi\u00e9n conocido como Bug ID CSCui36976."}], "lastModified": "2024-11-21T02:07:49.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:cloud_portal:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CD287F4-D184-48A5-B8F4-FE0D14AE0EBE"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}