CVE-2014-3289
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2014-05-07 CVE Reserved
- 2014-06-10 CVE Published
- 2024-01-21 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html | X_refsource_misc | |
http://www.kb.cert.org/vuls/id/613308 | Third Party Advisory | |
http://www.securityfocus.com/bid/67943 | Third Party Advisory | |
http://www.securitytracker.com/id/1030407 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
http://seclists.org/fulldisclosure/2014/Jun/57 | 2024-08-06 | |

URL | Date | SRC |
---|---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289 | 2018-10-30 | |
http://tools.cisco.com/security/center/viewAlert.x?alertId=34569 | 2018-10-30 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Cisco | Ironport Asyncos | <= 8.0 | - | Affected | in | Cisco | Web Security Appliance | - | - | Affected |
Cisco | Ironport Asyncos | <= 8.3 | - | Affected | in | Cisco | Content Security Management Appliance | - | - | Affected |
Cisco | Ironport Asyncos | 8.0 | - | Affected | in | Cisco | Email Security Appliance Firmware | - | - | Affected |