| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh87549 | Title: | persistent xss - cloupia - /app/cloudmgr/portal/userreport.html |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptoms:
A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site
scripting (XSS) attack.
The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to
access a malicious link.
Conditions:
An affected device with default configuration.
Workaround:
None
Further Problem Description:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 11-AUG-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh87565 | Title: | Persistent XSS in Cloupia Tomcat Log |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptoms:
A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site
scripting (XSS) attack.
The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to
access a malicious link.
Conditions:
An affected device with default configuration.
Workaround:
None
Further Problem Description:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 11-AUG-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv03354 | Title: | Unable to Add UCSM 2.2-(5a) Account in UCSD 5.3 Appliance. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Unable to Add UCSM Account Version 2.2 (5a) in the UCSD Version 5.3.
Conditions:
In the UCSD , Administration -> Physical Accounts, While Try to add the UCSM Account Version 2.2 (5a) will show 'Account Not Reachable' Message.
Workaround:
Apply UCSD Version : 5.3.1.1 Patch.
Further Problem Description:
|
|
Last Modified: | 30-AUG-2015 |
|
Known Affected Releases: | 5.3(0.0), 5.3(1.0), 5.3(2.0) |
|
Known Fixed Releases: | 5.3(1.1), 5.3(1.2) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv94260 | Title: | Update Trunk removing VLANs for some port-channels |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
Traffic drop as VLANs removed from trunk configuration
Conditions:
Port-channel configuration with multiple VLANs part of the trunk
Workaround:
None
Further Problem Description:
Impacts functionality
|
|
Last Modified: | 26-AUG-2015 |
|
Known Affected Releases: | 5.3(1.2) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh87560 | Title: | Persistent XSS in Cloupia Infra Manager Log |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptoms:
A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site
scripting (XSS) attack.
The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to
access a malicious link.
Conditions:
An affected device with default configuration.
Workaround:
None
Further Problem Description:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 11-AUG-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh87547 | Title: | persistent xss - cloupia - /app/cloudmgr/portal/approvals.html |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptoms:
A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site
scripting (XSS) attack.
The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to
access a malicious link.
Conditions:
An affected device with default configuration.
Workaround:
None
Further Problem Description:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 11-AUG-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh87557 | Title: | Persistent XSS in Cloupia Advanced System Information Log |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptoms:
A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site
scripting (XSS) attack.
The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to
access a malicious link.
Conditions:
An affected device with default configuration.
Workaround:
None
Further Problem Description:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 11-AUG-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh87544 | Title: | persistent xss - cloupia - CloudSense HTML Reports |
|
Status: | Terminated |
|
Severity: | 2 Severe |
Description: * | Symptoms:
A vulnerability in Cloupia of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to conduct a cross-site
scripting (XSS) attack.
The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to
access a malicious link.
Conditions:
An affected device with default configuration.
Workaround:
None
Further Problem Description:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.5/3.5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:U/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 11-AUG-2015 |
|
Known Affected Releases: | 3.4(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuu90229 | Title: | SRM: Unable to roll back some of the SRM tasks |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: | Symptom:
Unable to roll back some of the SRM tasks
Conditions:
API is not available to implement rollback (delete)
Unable to roll back some of the SRM tasks,Below tasks are not implemented with Rollback functionality
Add Srm Folder Mapping
Add Srm Network Mapping
Add Srm Resource Pool Mapping
Add Protection Group to Recovery Plan
Create SRM protection group
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.3(2.0) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv77720 | Title: | VM Provision task isue if Catalog is user input without windows license |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
VMware Provision Inputs task cannot be submitted
Conditions:
If no windows license is provided in Catalog or System Policy
If Catalog selection is mapped as user input
Workaround:
Create system policy or catalog with windows license
Further Problem Description:
|
|
Last Modified: | 19-AUG-2015 |
|
Known Affected Releases: | 5.3(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv97040 | Title: | VM Provision fails intermittently due to issue finding network resources |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
VM Provision fails intermittently due to issue finding network resources
Conditions:
None
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 28-AUG-2015 |
|
Known Affected Releases: | 5.3(1.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv45598 | Title: | To address only the crontab missing in 5.3.1.2 release |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Customer found an issue while configure the Crontab, 'vixie-cron is no longer included in the OVF .due to missing files unable to execute Crontab.
Conditions:
Unable to execute the Crontab and also 'vixie-cron' package related commands on 5.3 Appliance.
Workaround:
Apply 5.3.1.2 Patch, which fix ''vixie-cron ' Packages issue.
Further Problem Description:
|
|
Last Modified: | 27-AUG-2015 |
|
Known Affected Releases: | 5.3(1.2) |
|
Known Fixed Releases: | 5.3(1.2) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv99860 | Title: | Access Denied trying to connect to NetApp with VSC |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
When running custom workflow task we are hitting access denied issue
Conditions:
None
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 29-AUG-2015 |
|
Known Affected Releases: | 5.2(0.2) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw02358 | Title: | HyperV inventory collection some of the resources not getting updated |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
While getting data for Hosts, VMs and other objects, timeout is occurring when the wait period of the cmdlets is exceeding 5 minutes.In such cases the call bails out with a ?Connection Timed Out? Exception, and no data is returned.
Conditions:
Due to large infrastructure
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 31-AUG-2015 |
|
Known Affected Releases: | 5.3(1.2) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuu88213 | Title: | SRM:Folder report need to show secondary folder information |
|
Status: | Terminated |
|
Severity: | 4 Minor |
Description: | Symptom:
Folder report need to show secondary folder information
Conditions:
Its a limitation at frame work level in the UCSD
Workaround:
If you map these tasks in the work flow then you can able to get the desired outputs but individually if you you will get the validation issues
Further Problem Description:
|
|
Last Modified: | 20-AUG-2015 |
|
Known Affected Releases: | 5.3(2.0) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv73989 | Title: | Validating imported WFs (default factory WFs) in different thread |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
When trying to execute a workflow and if we get "Workflow needs to be validated before executing it" message.
Conditions:
When execute 'Not Validated' workflow
Workaround:
Have to manually validate to execute the workflow or wait till the 'Workflow Validation System task" validates the workflow.
Further Problem Description:
|
|
Last Modified: | 21-AUG-2015 |
|
Known Affected Releases: | 5.3(2.0), 5.4(0.0) |
|
Known Fixed Releases: | |
|
|
| |
2013 Cisco and/or its affiliates. All rights reserved. 
没有评论:
发表评论