Identity Services Engine Security Vulnerabilities and Issues — Identity Services Engine CVE List

Lucene search

CiscoIdentity Services Engine

4 matches found

CVE•added 2013/10/16 10:52 a.m.•40 views

CVE-2013-5539

The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511.

6CVSS6.6AI score0.00366EPSS

CVE•added 2013/10/16 10:52 a.m.•35 views

CVE-2013-5541

Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495.

3.5CVSS5.3AI score0.00185EPSS

CVE•added 2013/10/16 10:52 a.m.•34 views

CVE-2013-5538

The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506.

5CVSS6.9AI score0.0019EPSS

CVE•added 2013/10/16 10:52 a.m.•33 views

CVE-2013-5540

The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519.

6.8CVSS6.4AI score0.00363EPSS