Re: CSCvs65467 - Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

sierra_co · ‎03-19-2020

One of our Cisco partners advised that this would be fixed in an upcoming 2.6 patch. Since then, 2.6 patch 5 was released, but does not mention CSCvs65467 in the release notes at all. Does 2.6 patch 5 address this bug?

ciscosteve84 · ‎03-20-2020

It was not fixed in ISE 2.6 patch 5.

Pawel Przybyszewski · ‎03-21-2020

Is there any future planned patch for version 2.6, that is still recommended?

ciscosteve84 · ‎03-23-2020

I'm presuming patch 6 but I'm waiting for a definitive answer myself.

Pawel Przybyszewski · ‎06-08-2020

Do you know if patch 7 for 2.6 will cover this bug and when will be published?
Upgrade to 2.7 version even with patch 1 will cause vulnerability for CSCvm15495.

Thanks

Pawel Przybyszewski · ‎06-17-2020

Patch 7 for 2.6 has been released yesterday and resolves this issue.
Thanks.

Scott Gillies · ‎04-28-2020

I have a customer on ISE 2.4 which is still supported. Patch 11 recently came out but no mention of a bug fix for CSCvs65467 in the release notes either.

I wish Cisco would at least respond to this thread.

ciscosteve84 · ‎04-28-2020

This should be part of 2.4 P12. Tentative GA date is about 2 weeks away.