Vulnerabilities > Cisco > Identity Services Engine > 3.1.0.440
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-05 | CVE-2025-20204 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. | 4.8 |
2025-02-05 | CVE-2025-20205 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. | 4.8 |
2024-11-06 | CVE-2024-20487 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. | 5.4 |
2024-11-06 | CVE-2024-20527 | Path Traversal vulnerability in Cisco Identity Services Engine A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. | 5.5 |
2024-11-06 | CVE-2024-20528 | Path Traversal vulnerability in Cisco Identity Services Engine A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. | 7.2 |
2024-11-06 | CVE-2024-20529 | Path Traversal vulnerability in Cisco Identity Services Engine A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. | 5.5 |
2024-11-06 | CVE-2024-20532 | Path Traversal vulnerability in Cisco Identity Services Engine A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. | 5.5 |
2024-04-03 | CVE-2024-20368 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. | 8.8 |
2023-09-07 | CVE-2023-20193 | Improper Privilege Management vulnerability in Cisco Identity Services Engine A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. | 6.7 |
2023-04-05 | CVE-2023-20030 | XXE vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself. | 6.0 |