Vulnslist

find the latest Cisco vulnerabilities

Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities

cisco-sa-ise-xss1-rgxYry2V · Medium · Published · Updated

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss1-rgxYry2V

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEsCVE-2021-34738, CVE-2021-40121
Cisco Bug IDsCSCvy81868, CSCvy11971
CVSS ScoreBase 6.1
Base 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X
Base 4.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Identity Services Engine Software

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Identity Services Engine Software known_affected cisco_csaf CVE-2021-34738, CVE-2021-40121 2

Related Products

Product CVE Evidence
Cisco Identity Services Engine Software CVE-2021-40121 Cisco OpenVuln
Cisco Identity Services Engine Software CVE-2021-34738 Cisco OpenVuln