
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064.
• http://osvdb.org/102589 http://secunia.com/advisories/56714 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681 http://tools.cisco.com/security/center/viewAlert.x?alertId=32609 http://www.securityfocus.com/bid/65183 http://www.securitytracker.com/id/1029699
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904.
• http://osvdb.org/102118 http://secunia.com/advisories/56439 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665 http://tools.cisco.com/security/center/viewAlert.x?alertId=32448 http://www.securityfocus.com/bid/64939 http://www.securitytracker.com/id/1029624 https://exchange.xforce.ibmcloud.com/vulnerabilities/90463
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287.
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5521
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise
• CWE-287: Improper Authentication

CVSS: 9.0 • EPSS: 0% • CPEs: 7 • EXPL: 0

The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise http://www.kb.cert.org/vuls/id/952422
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')