Vulnerability Details CVE-2014-3352
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh84801.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.8%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/60956
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3352
- http://tools.cisco.com/security/center/viewAlert.x?alertId=35479
- http://www.securityfocus.com/bid/69458
- http://www.securitytracker.com/id/1030785
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95605
- http://secunia.com/advisories/60956
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3352
- http://tools.cisco.com/security/center/viewAlert.x?alertId=35479
- http://www.securityfocus.com/bid/69458
- http://www.securitytracker.com/id/1030785
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95605
Products affected by CVE-2014-3352
-
cpe:2.3:a:cisco:cloud_portal:2008.3
-
cpe:2.3:a:cisco:cloud_portal:9.1
-
cpe:2.3:a:cisco:cloud_portal:9.3
-
cpe:2.3:a:cisco:cloud_portal:9.3.1
-
cpe:2.3:a:cisco:cloud_portal:9.3.2
-
cpe:2.3:a:cisco:cloud_portal:9.4