Vulnerabilities > Cisco > Identity Services Engine Software
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-16 | CVE-2019-15282 | Missing Authentication for Critical Function vulnerability in Cisco Identity Services Engine Software A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. | 5.0 |
| 2019-10-16 | CVE-2019-15281 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 3.5 |
| 2019-01-15 | CVE-2018-15463 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.4(0.357) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface. | 4.3 |
| 2019-01-15 | CVE-2018-15440 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.4(0.357) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 4.3 |
| 2018-08-01 | CVE-2018-0413 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine Software A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.8 |
| 2018-06-07 | CVE-2018-0339 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.3(0.298)/2.4(0.126) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. | 4.3 |
| 2018-05-17 | CVE-2018-0327 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.1(0.905) A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 4.3 |
| 2018-05-17 | CVE-2018-0289 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.3(0.298)/2.4(0.223) A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. | 4.3 |
| 2017-11-16 | CVE-2017-12316 | Improper Restriction of Excessive Authentication Attempts vulnerability in Cisco Identity Services Engine Software 2.1(0.229) A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. | 5.0 |
| 2017-02-22 | CVE-2017-3835 | SQL Injection vulnerability in Cisco Identity Services Engine Software 1.4(0.908) A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. | 6.5 |