cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
368
Views
45
Helpful
7
Replies
Highlighted
Beginner

CSCvs65467 - Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

One of our Cisco partners advised that this would be fixed in an upcoming 2.6 patch. Since then, 2.6 patch 5 was released, but does not mention CSCvs65467 in the release notes at all. Does 2.6 patch 5 address this bug?

7 REPLIES 7
Highlighted
Cisco Employee

It was not fixed in ISE 2.6 patch 5.

Highlighted

Is there any future planned patch for version 2.6, that is still recommended?

Highlighted

I'm presuming patch 6 but I'm waiting for a definitive answer myself.

Highlighted

Do you know if patch 7 for 2.6 will cover this bug and when will be published?
Upgrade to 2.7 version even with patch 1 will cause vulnerability for CSCvm15495.

 

Thanks

Highlighted

Patch 7 for 2.6 has been released yesterday and resolves this issue.
Thanks.

Highlighted
Beginner

I have a customer on ISE 2.4 which is still supported. Patch 11 recently came out but no mention of a bug fix for CSCvs65467 in the release notes either.

I wish Cisco would at least respond to this thread.

Highlighted

This should be part of 2.4 P12. Tentative GA date is about 2 weeks away.