Vulnerabilities > Cisco > Identity Services Engine > 3.3.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-17 | CVE-2024-20296 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. | 7.2 |
2024-04-03 | CVE-2024-20368 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. | 8.8 |