CVSS: 10.0EPSS: 2%CPEs: 50EXPL: 0CVE-2015-6323
https://notcve.org/view.php?id=CVE-2015-6323
15 Jan 2016 — The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253. El portal Admin en Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 en versiones anteriores a patch 17, 1.2.1 en versiones anteriores al patch 8, 1.3 en versiones anteriores al patch 5 y 1.4 en versiones anteriores al patch 4 permite a atacantes remotos o... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4266
https://notcve.org/view.php?id=CVE-2015-4266
16 Jul 2015 — The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCut04556. La interfaz web en Cisco Identity Services Engine (ISE) 1.1 (4.1), 1.3 (106.146) y 1.3 (120.135) no restringe correctamente el uso de elementos IFRAME, lo que f... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39871 • CWE-20: Improper Input Validation •