Rewterz Threat Advisory –Multiple SAP Vulnerabilities
August 12, 2021Rewterz Threat Advisory –Multiple Palo Alto Security Vulnerabilities
August 12, 2021Rewterz Threat Advisory –Multiple SAP Vulnerabilities
August 12, 2021Rewterz Threat Advisory –Multiple Palo Alto Security Vulnerabilities
August 12, 2021Severity
Medium
Analysis Summary
CVE-2021-1603,CVE-2021-1604,CVE-2021-1605,CVE-2021-1606,CVE-2021-1607
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Impact
- Cross-site Scripting
- Information Theft
Affected Vendors
Cisco
Affected Products
- Cisco ISE releases earlier than 2.6 Patch 9
- Cisco ISE releases earlier than 2.7 Patch 4
- Cisco ISE releases earlier than 3.0 Patch 3
Remediation
Refer to Cisco Security Advisory for the patch, upgrade, or suggested workaround information.