vulnerability

Cisco ISE: CVE-2019-1942: Cisco Identity Services Engine Blind SQL Injection Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:P/A:N)	Jul 17, 2019	Oct 21, 2025	Oct 21, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Jul 17, 2019

Added

Oct 21, 2025

Modified

Oct 21, 2025

Description

A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. At the time of publication, this vulnerability affected Cisco ISE running software releases 2.6.0 and prior.

Solution

cisco-ise-upgrade-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today