CVE-2014-0681

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-0681
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://osvdb.org/102589 Broken Link
http://secunia.com/advisories/56714 Permissions Required
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681 Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=32609 Vendor Advisory
http://www.securityfocus.com/bid/65183 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029699
http://osvdb.org/102589 Broken Link
http://secunia.com/advisories/56714 Permissions Required
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681 Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=32609 Vendor Advisory
http://www.securityfocus.com/bid/65183 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029699
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*
History

21 Nov 2024, 02:02

Type Values Removed Values Added
References () http://osvdb.org/102589 - Broken Link () http://osvdb.org/102589 - Broken Link
References () http://secunia.com/advisories/56714 - Permissions Required () http://secunia.com/advisories/56714 - Permissions Required
References () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681 - Vendor Advisory () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681 - Vendor Advisory
References () http://tools.cisco.com/security/center/viewAlert.x?alertId=32609 - Vendor Advisory () http://tools.cisco.com/security/center/viewAlert.x?alertId=32609 - Vendor Advisory
References () http://www.securityfocus.com/bid/65183 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/65183 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1029699 - () http://www.securitytracker.com/id/1029699 -
Information

Published : 2014-01-29 18:34

Updated : 2024-11-21 02:02

NVD link : CVE-2014-0681

Mitre link : CVE-2014-0681

CVE.ORG link : CVE-2014-0681

JSON object : View

Products Affected

cisco

  • identity_services_engine_software
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024