Identity Services Engine@3.0.0 Security Vulnerabilities and Issues — Identity Services Engine@3.0.0 CVE List

Lucene search

CiscoIdentity Services Engine3.0.0

10 matches found

CVE•added 2024/01/17 5:15 p.m.•90 views

CVE-2024-20251

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability exists because the web-based ma...

5.4CVSS5AI score0.00072EPSS

CVE•added 2024/11/06 5:15 p.m.•82 views

CVE-2024-20531

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker woul...

6.5CVSS5.7AI score0.00079EPSS

CVE•added 2024/08/07 5:15 p.m.•50 views

CVE-2024-20479

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected...

4.8CVSS6.6AI score0.00096EPSS

CVE•added 2024/11/06 5:15 p.m.•46 views

CVE-2024-20537

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker coul...

6.5CVSS6.4AI score0.00031EPSS

CVE•added 2024/08/07 5:15 p.m.•45 views

CVE-2024-20443

5.4CVSS6.6AI score0.00106EPSS

CVE•added 2024/10/02 5:15 p.m.•43 views

CVE-2024-20515

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration set...

6.5CVSS6.2AI score0.00069EPSS

CVE•added 2024/11/06 5:15 p.m.•42 views

CVE-2024-20525

A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attack...

6.1CVSS6.3AI score0.00076EPSS

CVE•added 2024/11/06 5:15 p.m.•40 views

CVE-2024-20538

A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An at...

6.1CVSS6.3AI score0.00076EPSS

CVE•added 2024/11/06 5:15 p.m.•39 views

CVE-2024-20530

6.1CVSS6.3AI score0.00076EPSS

CVE•added 2024/11/06 5:15 p.m.•37 views

CVE-2024-20539

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. A...

4.8CVSS5.2AI score0.00058EPSS