Product

cisco identity services engine software

49 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2019-15282
< 2.4(0.357)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthentica
5.3 MEDIUM
CVE-2019-15281
< 2.4(0.357)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticate
4.8 MEDIUM
CVE-2018-15463
all versions
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remo
6.1 MEDIUM
CVE-2018-15440
all versions
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remo
6.1 MEDIUM
CVE-2018-0413
all versions
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remo
8.8 HIGH
CVE-2018-0339
all versions
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remo
6.1 MEDIUM
CVE-2018-0327
all versions
A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to co
6.1 MEDIUM
CVE-2018-0289
all versions
A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct
6.1 MEDIUM
CVE-2017-12316
all versions
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote atta
7.5 HIGH
CVE-2017-3835
all versions
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to acc
8.8 HIGH
CVE-2016-9214
all versions
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cr
6.1 MEDIUM
CVE-2016-1485
all versions
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary
6.1 MEDIUM
CVE-2016-1402
all versions
The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-mem
7.5 HIGH
CVE-2015-6317
all versions
Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restricti
6.5 MEDIUM
CVE-2015-6323
all versions
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, a
9.8 CRITICAL
CVE-2015-6266
all versions
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, whic
CVE-2015-4266
all versions
The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use
CVE-2015-4267
all versions
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876
CVE-2015-4268
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1
CVE-2015-4219
all versions
Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do no
CVE-2015-4182
all versions
The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass in
CVE-2015-0757
all versions
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers,
CVE-2014-8022
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary w
CVE-2014-8017
all versions
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption password
CVE-2014-8015
all versions
The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary spon
CVE-2014-3276
<= 1.2
Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of
CVE-2014-3275
<= 1.2
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote
CVE-2014-0681
<= 1.2
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers t
CVE-2014-0665
all versions
The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle do
CVE-2013-5531
all versions
Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle co
CVE-2013-5530
all versions
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before
CVE-2013-5521
all versions
Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a
CVE-2013-5541
all versions
Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authen
CVE-2013-5540
all versions
The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (di
CVE-2013-5539
all versions
The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an
CVE-2013-5538
all versions
The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers
CVE-2013-5525
<= 1.2
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticat
CVE-2013-5524
<= 1.2
Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allow
CVE-2013-5523
<= 1.2
The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, whic
CVE-2013-5505
all versions
Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers
CVE-2013-5504
all versions
Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allo
CVE-2012-5744
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow rem
CVE-2013-3471
all versions
The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and
CVE-2013-3420
all versions
Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote att
CVE-2013-3413
all versions
Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services
CVE-2013-1196
all versions
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent
CVE-2013-1125
all versions
The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking
CVE-2012-3908
all versions
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interfac
CVE-2011-3290
<= 1.0.4
Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to mo
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin