Lucene search

[email protected]NVD:CVE-2014-0681

HistoryJan 29, 2014 - 6:34 p.m.

CVE-2014-0681

2014-01-2918:34:05

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

61.0%

JSON

Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064.

Affected configurations

Nvd

Node

ciscoidentity_services_engine_softwareRange≤1.2

VendorProductVersionCPE
ciscoidentity_services_engine_software*cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	identity_services_engine_software	*	cpe:2.3:a:cisco:identity_services_engine_software::::::::

References

osvdb.org/102589

secunia.com/advisories/56714

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681

tools.cisco.com/security/center/viewAlert.x?alertId=32609

www.securityfocus.com/bid/65183

www.securitytracker.com/id/1029699

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

61.0%

JSON

Related for NVD:CVE-2014-0681

cve1 cisco1 cvelist1 prion1