Identity Services Engine Security Vulnerabilities and Issues — Identity Services Engine CVE List

Lucene search

CiscoIdentity Services Engine

14 matches found

CVE•added 2019/09/05 2:15 a.m.•150 views

CVE-2019-12644

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists ...

6.1CVSS5.9AI score0.00386EPSS

CVE•added 2019/10/16 7:15 p.m.•64 views

CVE-2019-12637

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerabilities are due to insufficient valida...

5.4CVSS5.3AI score0.00287EPSS

CVE•added 2019/10/16 7:15 p.m.•58 views

CVE-2019-12638

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerability is due to insufficient validation of user...

5.4CVSS5.2AI score0.00287EPSS

CVE•added 2019/07/17 9:15 p.m.•56 views

CVE-2019-1942

A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An...

6.5CVSS5.5AI score0.00182EPSS

CVE•added 2019/05/16 2:29 a.m.•53 views

CVE-2019-1851

A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect implem...

6.8CVSS6.6AI score0.00122EPSS

CVE•added 2019/07/17 9:15 p.m.•52 views

CVE-2019-1941

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because t...

6.1CVSS6AI score0.0048EPSS

CVE•added 2019/01/23 10:29 p.m.•44 views

CVE-2018-0187

A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential information. An attacker could exploit this vulnera...

6.5CVSS6.3AI score0.00209EPSS

CVE•added 2019/01/10 6:29 p.m.•43 views

CVE-2018-15456

A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. An attacker w...

4.9CVSS4.6AI score0.00141EPSS

CVE•added 2019/10/02 7:15 p.m.•43 views

CVE-2019-12631

A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supp...

6.1CVSS6AI score0.00153EPSS

CVE•added 2019/02/08 6:0 p.m.•42 views

CVE-2019-1673

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some par...

5.4CVSS5.4AI score0.00195EPSS

CVE•added 2019/04/17 10:29 p.m.•41 views

CVE-2019-1718

A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL) renegotiation request...

7.8CVSS6.2AI score0.00533EPSS

CVE•added 2019/04/18 1:29 a.m.•41 views

CVE-2019-1719

A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-suppli...

6.1CVSS5.6AI score0.00171EPSS

CVE•added 2019/01/23 10:29 p.m.•39 views

CVE-2018-15459

A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could explo...

7.2CVSS6.8AI score0.0014EPSS

CVE•added 2019/01/23 10:29 p.m.•35 views

CVE-2018-15455

A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this...

6.1CVSS6AI score0.00222EPSS