
CSCvh11308 - Cisco Identity Services Engine Logs Cross-Site Scripting Vulnerability

cwarren4101
Level 1

Will probably open a TAC on this but wanted to ask first. Is ISE 2.3(0.298) affected by this vulnerability regardless of installed platform? And if yes, is the only resolution path an "upgrade" to 2.4?

The bug ID states version 2.3(0.298) is affected but only when installed on "Cisco Identity Services Engine (ISE) 3300 Series Appliances." However, due to the bug ID wording, vulnerability scanners are flagging 2.3(0.298) as vulnerable regardless of the installed platform, with the only option an upgrade to 2.4. Problem: 2.3 is still receiving updates, but this bug ID is not noted anywhere in the current release notes of either 2.3 (dated 8 June 2018) or, for that matter, 2.4 release notes (dated 3 May 2018).

2 Replies

furrow.s
Level 1

Hello,

I was just curious if TAC provided any feedback on this. We just installed a new 2.3 environment and our scanners flagged the same vulnerability.

I was told to upgrade to 2.4 by TAC.