CVE-2014-3352

EPSS 1.05%
Veröffentlicht 30.08.2014 09:55:05
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh84801.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Cloud Portal Updatesp9 Version <= 2008.3

Cisco ≫ Cloud Portal Version9.1 Updatesp1

Cisco ≫ Cloud Portal Version9.1 Updatesp2

Cisco ≫ Cloud Portal Version9.1 Updatesp3

Cisco ≫ Cloud Portal Version9.3

Cisco ≫ Cloud Portal Version9.3.1

Cisco ≫ Cloud Portal Version9.3.2

Cisco ≫ Cloud Portal Version9.4

Cisco ≫ Cloud Portal Version2008.3

Cisco ≫ Cloud Portal Version2008.3 Updatesp6

Cisco ≫ Cloud Portal Version2008.3 Updatesp7

Cisco ≫ Cloud Portal Version2008.3 Updatesp8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.05%	0.755

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/60956

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3352

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=35479

Vendor Advisory

http://www.securityfocus.com/bid/69458

http://www.securitytracker.com/id/1030785

https://exchange.xforce.ibmcloud.com/vulnerabilities/95605

https://nvd.nist.gov/vuln/detail/CVE-2014-3352

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3352

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3352

EUVD