CVSS: 10.0EPSS: 94%CPEs: 398EXPL: 413CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
10 Dec 2021 — Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.... • https://packetstorm.news/files/id/171626 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 5.3EPSS: 1%CPEs: 11EXPL: 0CVE-2019-15282 – Cisco Identity Services Engine Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-15282
16 Oct 2019 — A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme. ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodis • CWE-306: Missing Authentication for Critical Function •
CVSS: 4.8EPSS: 0%CPEs: 11EXPL: 0CVE-2019-15281 – Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-15281
16 Oct 2019 — A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnera... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 48EXPL: 0CVE-2015-6317
https://notcve.org/view.php?id=CVE-2015-6317
23 Jan 2016 — Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. Cisco Identity Services Engine (ISE) en versiones anteriores a 2.0 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso de recurso-web a través de una petición directa, también conocido como Bug ID CSCuu45926. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 2%CPEs: 50EXPL: 0CVE-2015-6323
https://notcve.org/view.php?id=CVE-2015-6323
15 Jan 2016 — The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253. El portal Admin en Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 en versiones anteriores a patch 17, 1.2.1 en versiones anteriores al patch 8, 1.3 en versiones anteriores al patch 5 y 1.4 en versiones anteriores al patch 4 permite a atacantes remotos o... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4266
https://notcve.org/view.php?id=CVE-2015-4266
16 Jul 2015 — The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCut04556. La interfaz web en Cisco Identity Services Engine (ISE) 1.1 (4.1), 1.3 (106.146) y 1.3 (120.135) no restringe correctamente el uso de elementos IFRAME, lo que f... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39871 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-4182
https://notcve.org/view.php?id=CVE-2015-4182
12 Jun 2015 — The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087. La interfaz web administrativa en Cisco Identity Services Engine (ISE) anterior a 1.3 permite a usuarios remotos autenticados evadir las restricciones de acceso, y obtener información sensible o cambiar configuraciones, a través de vectores no especific... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39299 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3275
https://notcve.org/view.php?id=CVE-2014-3275
23 May 2014 — SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337. Vulnerabilidad de inyección SQL en el Framework web en Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) y anteriores permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCul21337. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3276
https://notcve.org/view.php?id=CVE-2014-3276
23 May 2014 — Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780. Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) y anteriores no maneja debidamente condiciones de bloqueo durante la recepción de paquetes de contabilidad RADIUS ma... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0681
https://notcve.org/view.php?id=CVE-2014-0681
29 Jan 2014 — Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064. Cross-site scripting (XSS) en Cisco Identity Services Engine (ISE) 1.2 parche 2 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un informe que contiene una URL mani... • http://osvdb.org/102589 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •