Improper input validation in Cisco Identity_services_engine_software

CVE-2015-4266

The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecifie…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (44.3th percentile) — read the EPSS interpretation.

Affected products

Cisco Identity_services_engine_software — versions 1.1\(4.1\), 1.3\(106.146\), 1.3\(120.135\)
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

20150714 Cisco Identity Services Engine Cross-Frame Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1032930 (vdb-entry, x_refsource_SECTRACK)