Vulnerabilities > Cisco > Identity Services Engine > 3.1.0.440

DATE CVE VULNERABILITY TITLE RISK
2025-02-05 CVE-2025-20204 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.  This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.
network
low complexity
cisco CWE-79
4.8
2025-02-05 CVE-2025-20205 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.  This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.
network
low complexity
cisco CWE-79
4.8
2024-11-06 CVE-2024-20487 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.
network
low complexity
cisco CWE-79
5.4
2024-11-06 CVE-2024-20527 Path Traversal vulnerability in Cisco Identity Services Engine
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device.
network
low complexity
cisco CWE-22
5.5
2024-11-06 CVE-2024-20528 Path Traversal vulnerability in Cisco Identity Services Engine
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device.
network
low complexity
cisco CWE-22
7.2
2024-11-06 CVE-2024-20529 Path Traversal vulnerability in Cisco Identity Services Engine
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device.
network
low complexity
cisco CWE-22
5.5
2024-11-06 CVE-2024-20532 Path Traversal vulnerability in Cisco Identity Services Engine
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device.
network
low complexity
cisco CWE-22
5.5
2024-04-03 CVE-2024-20368 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device.
network
low complexity
cisco CWE-352
8.8
2023-09-07 CVE-2023-20193 Improper Privilege Management vulnerability in Cisco Identity Services Engine
A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root.
local
low complexity
cisco CWE-269
6.7
2023-04-05 CVE-2023-20030 XXE vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself.
network
low complexity
cisco CWE-611
6.0