cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
486
Views
20
Helpful
4
Replies
sierra_co
Beginner

CSCvg86743 - Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

I noticed that this bug is listed as "fixed", but there's no information regarding the fix or any software releases that might provide it.

So, what's the fix?

4 REPLIES 4
cwarren4101
Beginner

And also for the Cisco engineers maintaining ISE. You are releasing patches for multiple different versions of ISE without documenting what is fixed in each patch. Justifying applying the patch to mgmt is impossible without this documentation. Please consider using a documentation similar to what is used for the ASA product which clearly details what is fixed with each release.

sthkhealth
Beginner


@sierra_co wrote:

I noticed that this bug is listed as "fixed", but there's no information regarding the fix or any software releases that might provide it.

So, what's the fix?


Hi 

Look in the section;

Further Problem Description:
The issue was triggered due to a hole in the import reporting process on the UI side.
The issue was fixed in release 2.2.

 

Not obvious though!

 

Yes but the other issue with this bugid and others for ISE is the "details" section. Under products only "Cisco Identity Services Engine (ISE) 3300 Series Appliances" is listed. This may be incorrect as the bug probably affects ISE installed on other platforms as well, not just ISE installed on this piece of hardware.

 

This is an important point as some of us must to justify to mgmt. why a patch should be applied and mgmt. seeing this may assume the bug only applies when ISE is installed on the "Cisco Identity Services Engine (ISE) 3300 Series Appliances" platform.

Thanks! It looks like information with the problem description was just recently added, as it was not there originally. It's great to see that someone updated it!