CVE-2014-3297 Information

Feb 14, 2021 cve

Description

Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs (2) web-server Referer logs or (3) the browser history aka Bug IDs CSCui36937 CSCui37004 and CSCui36927.

Reference

http://secunia.com/advisories/58985 http://secunia.com/advisories/59401 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3297 http://tools.cisco.com/security/center/viewAlert.x?alertId=34834 http://www.securityfocus.com/bid/68308 http://www.securitytracker.com/id/1030510

Share on: