Cisco

Identity Services Engine Software

76 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2013-5540

  • EPSS 0.36%
  • Veröffentlicht 16.10.2013 10:52:45
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519.

6

CVE-2013-5539

  • EPSS 0.37%
  • Veröffentlicht 16.10.2013 10:52:45
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID...

5

CVE-2013-5538

  • EPSS 0.19%
  • Veröffentlicht 16.10.2013 10:52:45
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506.

4.3

CVE-2013-5523

  • EPSS 0.55%
  • Veröffentlicht 10.10.2013 10:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web s...

4.3

CVE-2013-5524

  • EPSS 0.56%
  • Veröffentlicht 10.10.2013 10:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655.

6.5

CVE-2013-5525

  • EPSS 0.76%
  • Veröffentlicht 10.10.2013 10:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502.

4.3

CVE-2013-5505

  • EPSS 0.52%
  • Veröffentlicht 30.09.2013 17:09:25
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275.

4.3

CVE-2013-5504

  • EPSS 0.56%
  • Veröffentlicht 30.09.2013 17:09:25
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266.

4.3

CVE-2012-5744

  • EPSS 0.26%
  • Veröffentlicht 30.08.2013 01:55:08
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904.

4.3

CVE-2013-3471

  • EPSS 0.39%
  • Veröffentlicht 29.08.2013 12:07:54
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515.