Identity Services Engine Software Security Vulnerabilities and Issues — Identity Services Engine Software CVE List

Lucene search

CiscoIdentity Services Engine Software

3 matches found

CVE•added 2015/07/14 5:59 p.m.•53 views

CVE-2015-4268

Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052.

4.3CVSS5.9AI score0.00263EPSS

CVE•added 2015/07/15 6:59 p.m.•45 views

CVE-2015-4267

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.

6.8CVSS7.4AI score0.00117EPSS

CVE•added 2015/07/16 7:59 p.m.•43 views

CVE-2015-4266

The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-...

4.3CVSS6.5AI score0.00217EPSS