PT-2015-3184 · Cisco · Cisco Identity Services Engine

Published: 2015-07-14 · Updated: 2016-12-28 · CVE-2015-4268

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine versions 1.2(1.198) and 1.3(0.876)

Description: Insufficient protection of the web page structure leads to multiple cross-site scripting (XSS) vulnerabilities, which allow a remote attacker to inject arbitrary web script or HTML code via GET or POST requests.

Recommendations: For versions 1.2(1.198) and 1.3(0.876), update to a version that includes the fix for Bug ID CSCus16052. As a temporary workaround, consider restricting access to the Infra Admin UI to minimize the risk of exploitation.

Fix

XSS


Weakness Enumeration

Related Identifiers

BDU:2016-00554
CVE-2015-4268

Affected Products

Cisco Identity Services Engine