PT-2019-1307 · Cisco · Cisco Identity Services Engine

Publicado

2019-01-23

Atualizado

2019-10-09

CVE-2018-15455

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (affected versions not specified)

Description The issue is related to the logging component of Cisco Identity Services Engine, where improper validation of requests stored in the system's logging database could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. An attacker could exploit this by sending malicious requests to the targeted system, allowing them to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2019-00539

CVE-2018-15455

Produtos afetados

Cisco Identity Services Engine

PT-2019-1307 · Cisco · Cisco Identity Services Engine

CVE-2018-15455

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6