Vulnerabilities > Cisco > Identity Services Engine Software > 2.4.0.357

DATE CVE VULNERABILITY TITLE RISK
2019-10-16 CVE-2019-15282 Missing Authentication for Critical Function vulnerability in Cisco Identity Services Engine Software
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device.
network
low complexity
cisco CWE-306
5.3
5.3
2019-10-16 CVE-2019-15281 Cross-site Scripting vulnerability in Cisco Identity Services Engine Software
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
4.8
4.8
2019-01-15 CVE-2018-15463 Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.4(0.357)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface.
network
low complexity
cisco CWE-79
6.1
6.1
2019-01-15 CVE-2018-15440 Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.4(0.357)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system.
network
low complexity
cisco CWE-79
6.1
6.1