CVE-2013-5525

SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502.

Published: Oct 10, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-5525
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
cisco / identity_services_engine_software	1.1	1.1.x
cisco / identity_services_engine_software	1.0	1.0.x
cisco / identity_services_engine_software	-	1.2.x

http://osvdb.org/98167
http://secunia.com/advisories/55098
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525
http://tools.cisco.com/security/center/viewAlert.x?alertId=31160
http://www.securitytracker.com/id/1029156
https://exchange.xforce.ibmcloud.com/vulnerabilities/87723

Vulnerability Database

289,697

CVE-2013-5525