Identity Services Engine Software Security Vulnerabilities and Issues — Identity Services Engine Software CVE List

Lucene search

CiscoIdentity Services Engine Software

8 matches found

CVE•added 2015/07/14 5:59 p.m.•53 views

CVE-2015-4268

Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052.

4.3CVSS5.9AI score0.00263EPSS

CVE•added 2015/06/24 10:59 a.m.•50 views

CVE-2015-4219

Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid c...

4CVSS6AI score0.00408EPSS

CVE•added 2015/07/15 6:59 p.m.•45 views

CVE-2015-4267

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.

6.8CVSS7.4AI score0.00117EPSS

CVE•added 2015/01/15 10:59 p.m.•44 views

CVE-2014-8022

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776.

4.3CVSS5.9AI score0.00295EPSS

CVE•added 2015/07/16 7:59 p.m.•43 views

CVE-2015-4266

The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-...

4.3CVSS6.5AI score0.00217EPSS

CVE•added 2015/06/12 2:59 p.m.•39 views

CVE-2015-4182

The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.

5.5CVSS6.1AI score0.00206EPSS

CVE•added 2015/08/28 3:59 p.m.•39 views

CVE-2015-6266

The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.

5CVSS6.1AI score0.0023EPSS

CVE•added 2015/05/29 3:59 p.m.•35 views

CVE-2015-0757

The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.

5CVSS6.4AI score0.00261EPSS