| Summary | Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these vulnerabilities by sending crafted input to an affected device. A successful exploit could allow the attacker to view or modify data on the affected device. |
|---|---|
| Publication Date | Aug. 22, 2024, 5:15 a.m. |
| Registration Date | Aug. 26, 2024, 4:58 p.m. |
| Last Update | Aug. 22, 2024, 9:48 p.m. |
| Title | シスコシステムズの Cisco Identity Services Engine (ISE) における SQL インジェクションの脆弱性 |
|---|---|
| Summary | シスコシステムズの Cisco Identity Services Engine (ISE) には、SQL インジェクションの脆弱性が存在します。 |
| Possible impacts | 情報を取得される、および情報を改ざんされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Aug. 21, 2024, midnight |
| Registration Date | April 1, 2025, 10:25 a.m. |
| Last Update | April 1, 2025, 10:25 a.m. |
| シスコシステムズ |
| Cisco Identity Services Engine (ISE) 3.0.0 より大きい 3.1 まで |
| Cisco Identity Services Engine (ISE) 3.1.0 |
| Cisco Identity Services Engine (ISE) 3.2.0 |
| Cisco Identity Services Engine (ISE) 3.3.0 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2025年04月01日] 掲載 |
April 1, 2025, 10:25 a.m. |