| |
Bug Id: | CSCuu42736 |
Title: | Workflow through Guided Setup taking user input on static values |
|
Description: | Symptom: I have created a workflow through Guided Setup, where I am using an SSH task with static user input. But when I run it, it again asks me for the same input parameters.
Conditions: I have created a workflow through Guided Setup, where I am using an SSH task with static user input. But when I run it, it again asks me for the same input parameters.
Workaround:
Further Problem Description: I have created a workflow through Guided Setup, where I am using an SSH task with static user input. But when I run it, it again asks me for the same input parameters.
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 20-MAY-2015 |
|
Known Affected Releases: | 5.3(0.0) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuh87551 |
Title: | persistent xss - cloupia - /app/cloudmgr/portal/index.html |
|
Description: | Symptoms: A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to access a malicious link.
Conditions: An affected device with default configuration.
Workaround: None
Further Problem Description: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-MAY-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuh87557 |
Title: | Persistent XSS in Cloupia Advanced System Information Log |
|
Description: | Symptoms: A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to access a malicious link.
Conditions: An affected device with default configuration.
Workaround: None
Further Problem Description: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-MAY-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuh87556 |
Title: | Persistent XSS in Cloupia Basic System Information Log |
|
Description: | Symptoms: A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to access a malicious link.
Conditions: An affected device with default configuration.
Workaround: None
Further Problem Description: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-MAY-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuh87549 |
Title: | persistent xss - cloupia - /app/cloudmgr/portal/userreport.html |
|
Description: | Symptoms: A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to access a malicious link.
Conditions: An affected device with default configuration.
Workaround: None
Further Problem Description: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-MAY-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCur02877 |
Title: | UCSD vulnerable to CVE-2014-6271 and CVE-2014-7169 |
|
Description: | Symptom: The following Cisco products
Cisco UCS Director, Cisco UCS Director BMA
include a version of Bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
This bug has been opened to address the potential impact on this product.
Conditions: Exposure is not configuration dependent. Authentication is required to exploit this vulnerability.
Workaround: Not applicable
Further Problem Description: Software Fixed Release:
cucsd_4_1_0_5_bash_hotfix.zip (4.x customers) - available 10/2/2014
cucsd_5_0_0_0_bash_hotfix.zip (5.0 customers) - available 10/2/2014
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-MAY-2015 |
|
Known Affected Releases: | 5.0(0.1) |
|
Known Fixed Releases: | 5.0(0.2), 5.1(0.0) |
|
|
| |
| |
Bug Id: | CSCus27245 |
Title: | December 2014 - NTPd.org Vulnerabilities |
|
Description: |
Symptom:
This product includes a version of NTPd that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
This bug has been opened to address the potential impact on this product.
Conditions:
Cisco UCS Director 5.1.0.1B HOTFIX Patch (PSIRT FIX FOR NTP - Patch needs to be applied on top of 5.1.0.1A and above). Date of release JAN 15th 2015
Cisco UCS Director 5.2.0.0A HOTFIX Patch (PSIRT FIX FOR NTP - Patch needs to be applied on top of 5.2.0.0 and above). Date of release JAN 15th 2015
Workaround:
Not available.
Further Problem Description:
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 7.5/7.1
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:U/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-MAY-2015 |
|
Known Affected Releases: | 5.1(0.0) |
|
Known Fixed Releases: | 5.3(0.0) |
|
|
| |
| |
Bug Id: | CSCuh87547 |
Title: | persistent xss - cloupia - /app/cloudmgr/portal/approvals.html |
|
Description: | Symptoms: A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to access a malicious link.
Conditions: An affected device with default configuration.
Workaround: None
Further Problem Description: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 26-MAY-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuj36596 |
Title: | Tracking bug to address clear text password in 4.0.1.0 |
|
Description: | Symptoms: Cleartext passwords are written in a log file.
Conditions: None
Workaround: If they are no longer needed, delete log files.
Further Problem Description:
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 1.7/1.6: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:U/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 26-MAY-2015 |
|
Known Affected Releases: | 4.0 |
|
Known Fixed Releases: | 4.0, 4.100 |
|
|
| |
| |
Bug Id: | CSCuh87565 |
Title: | Persistent XSS in Cloupia Tomcat Log |
|
Description: | Symptoms: A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to access a malicious link.
Conditions: An affected device with default configuration.
Workaround: None
Further Problem Description: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 26-MAY-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCur16686 |
Title: | UCSD upgraded to 5.x-Guest OS customization for VM is not working |
|
Description: | Symptom: Guest OS customization fails for the provisioned VM
Conditions: This issue happens when the adapter type for the NIC in the network policy is the same as the one on the template.
Workaround: Select an adapter type that is different from what is available in the template.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 26-MAY-2015 |
|
Known Affected Releases: | 5.1(0.0) |
|
Known Fixed Releases: | 5.1(0.1), 5.2(0.0) |
|
|
| |
| |
Bug Id: | CSCuh87560 |
Title: | Persistent XSS in Cloupia Infra Manager Log |
|
Description: | Symptoms: A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to access a malicious link.
Conditions: An affected device with default configuration.
Workaround: None
Further Problem Description: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 26-MAY-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuh87544 |
Title: | persistent xss - cloupia - CloudSense HTML Reports |
|
Description: | Symptoms: A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to access a malicious link.
Conditions: An affected device with default configuration.
Workaround: None
Further Problem Description: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html |
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 26-MAY-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuh87353 |
Title: | Directory Traversal via Unauthenticated File Upload |
|
Description: | Symptoms:
A vulnerability in the CustomUploader of Cisco Intelligent Automation for Cloud could allow an unauthenticated attacker to upload arbitrary files to an affected device.
An attacker could exploit this vulnerability by submitting specially crafted URL requests to a vulnerable device.
Conditions: An affected device with default configuration
Workaround: None
Further Problem Description: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.4: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 26-MAY-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuh87398 |
Title: | Information Disclosure via Null Session |
|
Description: | Symptom: A vulnerability in Cisco UCS Director could allow an unauthenticated, remote attacker to view sensitive information.
The vulnerability is due to a failure to properly check for certain NULL sessions. An attacker could exploit this vulnerability by submitting specially crafted packets to an affected device.
Conditions: An affected device with default configuration.
Workaround: None
Further Problem Description: None
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:C CVE ID CVE-2014-3351 has been assigned to document this issue.
Additional details about the vulnerability described here can be found at: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3351
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 26-MAY-2015 |
|
Known Affected Releases: | 3.4(0.1) |
|
Known Fixed Releases: | |
|
|
| |