VYPR

Identity Services Engine Software

by Cisco Systems, Inc.

CVEs (215)

  • CVE-2018-0289MedMay 17, 2018
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An…

  • CVE-2018-0212MedMar 8, 2018
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2018-0091MedJan 18, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site scripting (XSS) attack against a user of the web-based management interface of an…

  • CVE-2017-6733MedJul 10, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More…

  • CVE-2017-6701MedJul 4, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information:…

  • CVE-2016-9214MedDec 14, 2016
    risk 0.40cvss 6.1epss 0.02

    Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected…

  • CVE-2016-1485MedAug 22, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497.

  • CVE-2026-20136MedApr 15, 2026
    risk 0.39cvss 6.0epss 0.01

    A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and…

  • CVE-2018-0216MedMar 8, 2018
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to…

  • CVE-2018-0214MedMar 8, 2018
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Injection. These commands should have been…

  • CVE-2017-6734MedJul 10, 2017
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest…

  • CVE-2017-6605MedJul 4, 2017
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More…

  • CVE-2026-20029MedJan 7, 2026
    risk 0.32cvss 4.9epss 0.06

    A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This…

  • CVE-2025-20131MedAug 20, 2025
    risk 0.32cvss 4.9epss 0.00

    A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could…

  • CVE-2026-20132MedApr 15, 2026
    risk 0.31cvss 4.8epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against…

  • CVE-2025-20205MedFeb 5, 2025
    risk 0.31cvss 4.8epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to…

  • CVE-2025-20204MedFeb 5, 2025
    risk 0.31cvss 4.8epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to…

  • CVE-2018-15425MedOct 5, 2018
    risk 0.31cvss 4.7epss 0.02

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.

  • CVE-2018-15424MedOct 5, 2018
    risk 0.31cvss 4.7epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.

  • CVE-2018-0211MedMar 8, 2018
    risk 0.29cvss 4.4epss 0.00

    A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input…

Page 2 of 11