Vulnerabilities > Cisco > Identity Services Engine

DATE CVE VULNERABILITY TITLE RISK
2021-10-21 CVE-2021-40121 Cross-site Scripting vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
cisco CWE-79
4.8
2021-10-21 CVE-2021-40123 Incorrect Default Permissions vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted.
network
low complexity
cisco CWE-276
6.5
2021-10-06 CVE-2021-1594 OS Command Injection vulnerability in Cisco Identity Services Engine
A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root.
network
high complexity
cisco CWE-78
8.1
2021-10-06 CVE-2021-34702 Unspecified vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information.
network
low complexity
cisco
4.3
2021-10-06 CVE-2021-34706 XXE vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device.
network
low complexity
cisco CWE-611
5.4
2021-09-02 CVE-2021-34759 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
cisco CWE-79
4.8
2021-07-08 CVE-2021-1603 Cross-site Scripting vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user.
network
low complexity
cisco CWE-79
4.8
2021-07-08 CVE-2021-1604 Cross-site Scripting vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user.
network
low complexity
cisco CWE-79
4.8
2021-07-08 CVE-2021-1605 Cross-site Scripting vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user.
network
low complexity
cisco CWE-79
4.8
2021-07-08 CVE-2021-1606 Cross-site Scripting vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user.
network
low complexity
cisco CWE-79
4.8