CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12316
https://notcve.org/view.php?id=CVE-2017-12316
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518. • http://www.securityfocus.com/bid/101931 http://www.securitytracker.com/id/1039830 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise • CWE-287: Improper Authentication CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3835
https://notcve.org/view.php?id=CVE-2017-3835
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908). Una vulnerabilidad en el portal patrocinador de Cisco Identity Services Engine (ISE) podría permitir a un atacante remoto no autenticado acceder a avisos de otros usuarios debido a inyección de SQL. Más Información: CSCvb15627. • http://www.securityfocus.com/bid/96249 http://www.securitytracker.com/id/1037841 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ise • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9214
https://notcve.org/view.php?id=CVE-2016-9214
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected Releases: 2.0(101.130). Cisco Identity Services Engine (ISE) contiene una vulnerabilidad que podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra el usuario de la interfaz web del sistema afectado. Más Información: CSCvb86332 CSCvb86760. • http://www.securityfocus.com/bid/94807 http://www.securitytracker.com/id/1037417 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1485
https://notcve.org/view.php?id=CVE-2016-1485
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497. Vulnerabilidad de XSS en Cisco Identity Services Engine 1.3(0.876) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros manipulados, también conocido como Bug ID CSCva46497. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise http://www.securityfocus.com/bid/92518 http://www.securitytracker.com/id/1036647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-1402
https://notcve.org/view.php?id=CVE-2016-1402
The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815. El componente de integración Active Directory (AD) en Cisco Identity Service Engine (ISE) en versiones anteriores a 1.2.0.899 patch 7, cuando se habilita la autorización para miembros del grupo AD, permite a atacantes remotos provocar una denegación del servicio (fallo de autenticación) a través de una solicitud de autenticación Password Authentication Protocol (PAP) manipulada, también conocido como Bug ID CSCun25815. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise http://www.securitytracker.com/id/1035946 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-287: Improper Authentication •