CVE-2014-3352

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh84801.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
ciscocloud_portal
𝑥
≤ 2008.3
ciscocloud_portal
9.1:sp1
ciscocloud_portal
9.1:sp2
ciscocloud_portal
9.1:sp3
ciscocloud_portal
9.3
ciscocloud_portal
9.3.1
ciscocloud_portal
9.3.2
ciscocloud_portal
9.4
ciscocloud_portal
2008.3
ciscocloud_portal
2008.3:sp6
ciscocloud_portal
2008.3:sp7
ciscocloud_portal
2008.3:sp8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/60956
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3352
http://tools.cisco.com/security/center/viewAlert.x?alertId=35479
http://www.securityfocus.com/bid/69458
http://www.securitytracker.com/id/1030785
https://exchange.xforce.ibmcloud.com/vulnerabilities/95605
http://secunia.com/advisories/60956
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3352
http://tools.cisco.com/security/center/viewAlert.x?alertId=35479
http://www.securityfocus.com/bid/69458
http://www.securitytracker.com/id/1030785
https://exchange.xforce.ibmcloud.com/vulnerabilities/95605