Cisco.Identity.Services.Engine.LiveLogSettingsServlet.XSS

description-logoDescription

This indicates an attack attempt on a Cross-Site Scripting (XSS) vulnerability in Cisco Identity Services Engine.
A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the execution of arbitrary script code in the browser.

affected-products-logoAffected Products

Cisco Systems Identity Services Engine 2.2 prior to (0.913)

Impact logoImpact

System Compromise : Remote attackers can execute arbitrary script code within the context of the target user's browser

recomended-action-logoRecommended Actions

Refer to the vendor supplied advisory for updates:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xss

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-06-14 14.633 Default_action:pass:drop
2019-06-06 14.627 Severity:critical:medium
2019-03-08 14.569