Cisco Identity Services Engine Software — known CVE vulnerabilities
Every CVE whose affected-product data names Cisco Identity Services Engine Software, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (49)
CVE-2011-3290 — CVSS 10.0 (critical): Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify…
CVE-2015-6323 — CVSS 9.8 (critical): The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4…
CVE-2013-5530 — CVSS 9.0 (critical): The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before…
CVE-2017-3835 — CVSS 8.8 (high): A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access…
CVE-2018-0413 — CVSS 8.8 (high): A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote…
CVE-2016-1402 — CVSS 7.5 (high): The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership…
CVE-2017-12316 — CVSS 7.5 (high): A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to…
CVE-2013-5540 — CVSS 6.8 (medium): The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk…
CVE-2012-3908 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on…
CVE-2013-1125 — CVSS 6.8 (medium): The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager…
CVE-2013-1196 — CVSS 6.8 (medium): The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent…
CVE-2013-3420 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to…
CVE-2015-4267 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876)…
CVE-2013-5525 — CVSS 6.5 (medium): SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users…
CVE-2015-6317 — CVSS 6.5 (medium): Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a…
CVE-2014-3275 — CVSS 6.5 (medium): SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote…
CVE-2018-0327 — CVSS 6.1 (medium): A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a…
CVE-2016-9214 — CVSS 6.1 (medium): Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site…
CVE-2018-0289 — CVSS 6.1 (medium): A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct…
CVE-2018-0339 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote…
CVE-2018-15440 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote…
CVE-2018-15463 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote…
CVE-2013-5539 — CVSS 6.0 (medium): The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an…
CVE-2015-4182 — CVSS 5.5 (medium): The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended…
CVE-2019-15282 — CVSS 5.3 (medium): A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated…
CVE-2014-8017 — CVSS 5.0 (medium): The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a…
CVE-2013-5531 — CVSS 5.0 (medium): Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle…
CVE-2015-0757 — CVSS 5.0 (medium): The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which…
CVE-2013-5521 — CVSS 5.0 (medium): Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial…
CVE-2013-5538 — CVSS 5.0 (medium): The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read…
CVE-2015-6266 — CVSS 5.0 (medium): The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows…
CVE-2019-15281 — CVSS 4.8 (medium): A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote…
CVE-2013-5505 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to…
CVE-2014-8022 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script…
CVE-2015-4266 — CVSS 4.3 (medium): The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME…
CVE-2013-5524 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote…
CVE-2015-4268 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876)…
CVE-2013-5523 — CVSS 4.3 (medium): The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes…
CVE-2012-5744 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote…
CVE-2013-5504 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote…
CVE-2013-3471 — CVSS 4.3 (medium): The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and…
CVE-2013-3413 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine…
CVE-2014-0681 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject…
CVE-2015-4219 — CVSS 4.0 (medium): Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not…
CVE-2014-0665 — CVSS 4.0 (medium): The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads…
CVE-2014-8015 — CVSS 4.0 (medium): The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's…
CVE-2014-3276 — CVSS 4.0 (medium): Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted…
CVE-2013-5541 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated…