CVE-2018-0289
https://notcve.org/view.php?id=CVE-2018-0289
A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the log files. Cisco Bug IDs: CSCvh11308.
• http://www.securityfocus.com/bid/104196 http://www.securitytracker.com/id/1040925 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xss
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-12316
https://notcve.org/view.php?id=CVE-2017-12316
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518.
• http://www.securityfocus.com/bid/101931 http://www.securitytracker.com/id/1039830 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise
• CWE-287: Improper Authentication
• CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2017-3835
https://notcve.org/view.php?id=CVE-2017-3835
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908).
• http://www.securityfocus.com/bid/96249 http://www.securitytracker.com/id/1037841 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ise
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-9214
https://notcve.org/view.php?id=CVE-2016-9214
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected Releases: 2.0(101.130).
• http://www.securityfocus.com/bid/94807 http://www.securitytracker.com/id/1037417 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1485
https://notcve.org/view.php?id=CVE-2016-1485
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise http://www.securityfocus.com/bid/92518 http://www.securitytracker.com/id/1036647
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')