Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

2024-08-0716:00:00

tools.cisco.com

cisco identity services engine

cross-site scripting

web-based management

AI Score

6.1

Confidence

High

EPSS

Percentile

14.7%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

For more information about these vulnerabilities, see the Details [“#details”] section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-V2bm9JCY [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-V2bm9JCY”]

Affected configurations

Vulners

Node

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatchany

ciscoidentity_services_engine_softwareMatchany

ciscocisco_adaptive_security_appliance_\(asa\)_softwareMatchany

ciscoidentity_services_engine_softwareMatchany

VendorProductVersionCPE
ciscocisco_adaptive_security_appliance_\(asa\)_softwareanycpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:any:*:*:*:*:*:*:*
ciscoidentity_services_engine_softwareanycpe:2.3:a:cisco:identity_services_engine_software:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	cisco_adaptive_security_appliance_\(asa\)_software	any	cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:any:::::::*
cisco	identity_services_engine_software	any	cpe:2.3:a:cisco:identity_services_engine_software:any:::::::*