Skip to main content

Cloud Portal

39 CVEs product

Monthly

CVE-2025-31950 MEDIUM This Month

An unauthenticated attacker can obtain EV charger energy consumption information of other users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31945 MEDIUM This Month

An unauthenticated attacker can obtain other users' charger information. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31654 MEDIUM This Month

An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms"). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-31360 MEDIUM This Month

Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-31147 MEDIUM This Month

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-30512 MEDIUM This Month

Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-30510 CRITICAL Act Now

An attacker can upload an arbitrary file instead of a plant image. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Portal
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-30257 MEDIUM This Month

Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27929 MEDIUM This Month

Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27927 MEDIUM This Month

An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27719 MEDIUM This Month

Unauthenticated attackers can query an API endpoint and get device details. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27575 MEDIUM This Month

An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27565 MEDIUM This Month

An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-27561 MEDIUM This Month

Unauthenticated attackers can rename "rooms" of arbitrary users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-26857 MEDIUM This Month

Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-25276 MEDIUM This Month

An unauthenticated attacker can hijack other users' devices and potentially control them. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-24850 MEDIUM This Month

An attacker can export other users' plant information. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-24315 MEDIUM This Month

Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2025-24297 CRITICAL Act Now

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloud Portal
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-31949 MEDIUM This Month

An authenticated attacker can obtain any plant name by knowing the plant ID. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-31941 MEDIUM This Month

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31933 MEDIUM This Month

An unauthenticated attacker can check the existence of usernames in the system by querying an API. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-31357 MEDIUM This Month

An unauthenticated attacker can obtain a user's plant list by knowing the username. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-30514 MEDIUM This Month

Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes"). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-30511 HIGH This Week

An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cloud Portal
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-30254 MEDIUM This Month

An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27939 MEDIUM This Month

An attacker can change registered email addresses of other users and take over arbitrary accounts. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-27938 MEDIUM This Month

Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms"). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-27568 MEDIUM This Month

An unauthenticated attacker can get users' emails by knowing usernames. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-24487 MEDIUM This Month

An unauthenticated attacker can infer the existence of usernames in the system by querying an API. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2014-3352 MEDIUM This Month

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Cloud Portal
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-3351 MEDIUM This Month

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Cloud Portal
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3350 MEDIUM This Month

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL,. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Cloud Portal
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3349 MEDIUM This Month

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Cloud Portal
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3298 MEDIUM This Month

Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Cloud Portal
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3297 MEDIUM This Month

Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Cloud Portal
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-0694 MEDIUM This Month

Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Cloud Portal
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-6708 MEDIUM This Month

Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Cloud Portal
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-1139 MEDIUM This Month

The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Cloud Portal
NVD
CVSS 2.0
4.0
EPSS
0.2%
EPSS 0% CVSS 6.9
MEDIUM This Month

An unauthenticated attacker can obtain EV charger energy consumption information of other users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An unauthenticated attacker can obtain other users' charger information. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms"). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Portal
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

An attacker can upload an arbitrary file instead of a plant image. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Unauthenticated attackers can query an API endpoint and get device details. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

Unauthenticated attackers can rename "rooms" of arbitrary users. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An unauthenticated attacker can hijack other users' devices and potentially control them. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An attacker can export other users' plant information. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An authenticated attacker can obtain any plant name by knowing the plant ID. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An unauthenticated attacker can check the existence of usernames in the system by querying an API. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An unauthenticated attacker can obtain a user's plant list by knowing the username. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes"). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 8.7
HIGH This Week

An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An attacker can change registered email addresses of other users and take over arbitrary accounts. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms"). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An unauthenticated attacker can get users' emails by knowing usernames. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An unauthenticated attacker can infer the existence of usernames in the system by querying an API. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Portal
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Cloud Portal
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Cloud Portal
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL,. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Cloud Portal
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Cloud Portal
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Cloud Portal
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Cloud Portal
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Cloud Portal
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Cloud Portal
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Cloud Portal
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy