CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3275
https://notcve.org/view.php?id=CVE-2014-3275
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337. Vulnerabilidad de inyección SQL en el Framework web en Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) y anteriores permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCul21337. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275 http://tools.cisco.com/security/center/viewAlert.x?alertId=34328 http://www.securityfocus.com/bid/67555 http://www.securitytracker.com/id/1030273 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0681
https://notcve.org/view.php?id=CVE-2014-0681
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064. Cross-site scripting (XSS) en Cisco Identity Services Engine (ISE) 1.2 parche 2 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un informe que contiene una URL manipulada que no se maneja adecuadamente durante la generación de páginas de informe de salida , también conocido como Bug ID CSCui15064. • http://osvdb.org/102589 http://secunia.com/advisories/56714 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681 http://tools.cisco.com/security/center/viewAlert.x?alertId=32609 http://www.securityfocus.com/bid/65183 http://www.securitytracker.com/id/1029699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5530
https://notcve.org/view.php?id=CVE-2013-5530
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511. El framework web de Cisco Identitiy Services Engine (ISE) 1.0 y 1.1.0 antes 1.1.0.665-5, antes 1.1.1.268-7 1.1.1, 1.1.2 antes 1.1.2.145-10, 1.1.3 antes 1.1.3.124 -7, antes 1.1.4.218-7 1.1.4 y 1.2 antes 1.2.0.899-2 permite a usuarios remotos autenticados ejecutar código arbitrario a través de una sesión manipulada en el puerto TCP 443, también conocido como Bug ID CSCuh81511. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise http://www.kb.cert.org/vuls/id/952422 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5531
https://notcve.org/view.php?id=CVE-2013-5531
Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405. Cisco Identity Services Engine (ISE) 1.x anteriores a 1.1.1 permite a atacantes remotos sortear la autenticación, y leer configuración de soporte y datos de credenciales, a traves de una sesion TCP manipulada en el puerto 443, tambien conocido como Bug ID CSCty20405. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2013-5523
https://notcve.org/view.php?id=CVE-2013-5523
The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666. El Sponsor Portal in Cisco Identity Services Engine (ISE) y anteriores versiones no restringe adecuadamente el uso de elementos IFRAME, lo que hace más sencillo para atacantes remotos llevar a cabo ataques de clickjacking y otros sin especificar a través de un sitio web manipulado, relacionado con el fallo "cross-frame scripting (XFS)", también conocido como Bug ID CSCui82666. • http://osvdb.org/98168 http://secunia.com/advisories/55207 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523 http://tools.cisco.com/security/center/viewAlert.x?alertId=31161 http://www.securityfocus.com/bid/62869 http://www.securitytracker.com/id/1029157 https://exchange.xforce.ibmcloud.com/vulnerabilities/87724 • CWE-20: Improper Input Validation •