Vulnerabilities > Cisco > Identity Services Engine > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-15 CVE-2022-20819 Improper Privilege Management vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.
network
low complexity
cisco CWE-269
6.5
2022-04-06 CVE-2022-20782 Improper Privilege Management vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.
network
low complexity
cisco CWE-269
6.5
2021-10-21 CVE-2021-34738 Cross-site Scripting vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
cisco CWE-79
6.1
2021-10-21 CVE-2021-40121 Cross-site Scripting vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
cisco CWE-79
4.8
2021-10-21 CVE-2021-40123 Incorrect Default Permissions vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted.
network
low complexity
cisco CWE-276
6.5
2021-10-06 CVE-2021-34702 Unspecified vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information.
network
low complexity
cisco
4.3
2021-10-06 CVE-2021-34706 XXE vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device.
network
low complexity
cisco CWE-611
5.4
2021-09-02 CVE-2021-34759 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
cisco CWE-79
4.8
2021-07-08 CVE-2021-1603 Cross-site Scripting vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user.
network
low complexity
cisco CWE-79
4.8
2021-07-08 CVE-2021-1604 Cross-site Scripting vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user.
network
low complexity
cisco CWE-79
4.8