CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5540
https://notcve.org/view.php?id=CVE-2013-5540
The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519. La caracteristica file-upload en Cisco Identity Services Engine (ISE) permite a usuarios remotos autenticados causar una denegación de servicio (consumo de disco y corte del interface de administración) subiendo muchos archivos, tambien conocido como Bug ID CSCui67519. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5540 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5538
https://notcve.org/view.php?id=CVE-2013-5538
The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506. El Sponsor Portal en Cisco Identity Services Engine (ISE) usa permisos débiles para subir archivos, lo que permite a atacantes remotos leer archivos arbitrarios a través de peticiones directas, también conocido como Bug ID CSCui67506. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5538 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5541
https://notcve.org/view.php?id=CVE-2013-5541
Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495. Vulnerabilidad de XSS en la interfaz de file-upload de Cisco Identity Services Engine (ISE) permite a usuarios remotos autenticados inyectar script web o HTML arbitrario a través de un nombre de archivo diseñado, conocido como Bug ID CSCui67495. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2013-5523
https://notcve.org/view.php?id=CVE-2013-5523
The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666. El Sponsor Portal in Cisco Identity Services Engine (ISE) y anteriores versiones no restringe adecuadamente el uso de elementos IFRAME, lo que hace más sencillo para atacantes remotos llevar a cabo ataques de clickjacking y otros sin especificar a través de un sitio web manipulado, relacionado con el fallo "cross-frame scripting (XFS)", también conocido como Bug ID CSCui82666. • http://osvdb.org/98168 http://secunia.com/advisories/55207 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523 http://tools.cisco.com/security/center/viewAlert.x?alertId=31161 http://www.securityfocus.com/bid/62869 http://www.securitytracker.com/id/1029157 https://exchange.xforce.ibmcloud.com/vulnerabilities/87724 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2013-5524
https://notcve.org/view.php?id=CVE-2013-5524
Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655. Vulnerabilidad de inyección XSS en la página de solución de problemas en Cisco Identity Services Engine (ISE) 1.2 y anteriores permite a atacantes remotos inyectar script web o HTML arbitrario a través de parámetros sin especificar, también conocido como Bug ID CSCug77655. • http://osvdb.org/98166 http://secunia.com/advisories/55067 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524 http://tools.cisco.com/security/center/viewAlert.x?alertId=31159 http://www.securityfocus.com/bid/62870 http://www.securitytracker.com/id/1029155 https://exchange.xforce.ibmcloud.com/vulnerabilities/87722 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •