← Back

CVE-2021-34738

nvd nist
Published: Oct 21, 2021Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

Affected (25)

Cisco
1 product
Identity Services Engine
Configuration A
25 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Identity Services Engine
Before 2.6.0
Identity Services Engine
Version 2.6.0
Identity Services Engine
Version 2.6.0 patch1
Identity Services Engine
Version 2.6.0 patch2
Identity Services Engine
Version 2.6.0 patch3
Identity Services Engine
Version 2.6.0 patch5
Identity Services Engine
Version 2.6.0 patch6
Identity Services Engine
Version 2.6.0 patch7
Identity Services Engine
Version 2.6.0 patch8
Identity Services Engine
Version 2.6.0 patch9
Identity Services Engine
Version 2.7.0
Identity Services Engine
Version 2.7.0 patch1
Identity Services Engine
Version 2.7.0 patch2
Identity Services Engine
Version 2.7.0 patch3
Identity Services Engine
Version 2.7.0 patch4
Identity Services Engine
Version 2.7
Identity Services Engine
Version 2.7(0.207)
Identity Services Engine
Version 2.7(0.356)
Identity Services Engine
Version 2.7(0.356)
Identity Services Engine
Version 2.7(0.903)
Identity Services Engine
Version 3.0.0
Identity Services Engine
Version 3.0.0 patch1
Identity Services Engine
Version 3.0.0 patch2
Identity Services Engine
Version 3.0.0 patch3
Identity Services Engine
Version 3.0(0.458)

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.