CVSS: 5.3EPSS: 1%CPEs: 11EXPL: 0CVE-2019-15282 – Cisco Identity Services Engine Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-15282
16 Oct 2019 — A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme. ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodis • CWE-306: Missing Authentication for Critical Function •
CVSS: 4.8EPSS: 0%CPEs: 11EXPL: 0CVE-2019-15281 – Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-15281
16 Oct 2019 — A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnera... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2016-1402
https://notcve.org/view.php?id=CVE-2016-1402
21 May 2016 — The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815. El componente de integración Active Directory (AD) en Cisco Identity Service Engine (ISE) en versiones anteriores a 1.2.0.899 patch 7, cuando se habilita la autorización p... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 48EXPL: 0CVE-2015-6317
https://notcve.org/view.php?id=CVE-2015-6317
23 Jan 2016 — Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. Cisco Identity Services Engine (ISE) en versiones anteriores a 2.0 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso de recurso-web a través de una petición directa, también conocido como Bug ID CSCuu45926. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 2%CPEs: 50EXPL: 0CVE-2015-6323
https://notcve.org/view.php?id=CVE-2015-6323
15 Jan 2016 — The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253. El portal Admin en Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 en versiones anteriores a patch 17, 1.2.1 en versiones anteriores al patch 8, 1.3 en versiones anteriores al patch 5 y 1.4 en versiones anteriores al patch 4 permite a atacantes remotos o... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4266
https://notcve.org/view.php?id=CVE-2015-4266
16 Jul 2015 — The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCut04556. La interfaz web en Cisco Identity Services Engine (ISE) 1.1 (4.1), 1.3 (106.146) y 1.3 (120.135) no restringe correctamente el uso de elementos IFRAME, lo que f... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39871 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-4267
https://notcve.org/view.php?id=CVE-2015-4267
15 Jul 2015 — Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940. Vulnerabilidad CSRF en el Framework Web en Cisco Identity Services Engine (ISE) 1.2 (0.793), 1.3 (0.876), 1.4 (0.109), 2.0 (0.147), y 2.0 (0.169) que permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conoc... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39872 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4268
https://notcve.org/view.php?id=CVE-2015-4268
14 Jul 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XXS) en la infraestructura administrativa UI en Cisco Identity Services Engine (ISE) 1.2(1.198) y 1.3(0.876), permite a atacantes remotos inyectar arbitr... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39873 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-4182
https://notcve.org/view.php?id=CVE-2015-4182
12 Jun 2015 — The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087. La interfaz web administrativa en Cisco Identity Services Engine (ISE) anterior a 1.3 permite a usuarios remotos autenticados evadir las restricciones de acceso, y obtener información sensible o cambiar configuraciones, a través de vectores no especific... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39299 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0757
https://notcve.org/view.php?id=CVE-2015-0757
29 May 2015 — The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140. El Framework web en Cisco Identity Services Engine (ISE) 1.2(1.901) y 1.3(0.722) no implementa correctamente los manejadores de sesiones, lo que permite a atacantes remotos obtener información sensible mediante la lectura de páginas web, tal y... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39042 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •