SQL Injection Vulnerability in Cisco Prime Service Catalog by Cisco
CVE-2015-6350

Currently unrated

Key Information:

Vendor: Cisco
Status: Prime Service Catalog
Vendor: CVE Published:; 30 October 2015

Summary

An SQL injection vulnerability exists in the web framework of Cisco Prime Service Catalog 11.0, enabling remote authenticated users to execute arbitrary SQL commands. This flaw can be exploited through various unspecified vectors, potentially compromising the integrity and confidentiality of the database. Appropriate measures should be taken to address this vulnerability to safeguard user data and maintain operational security.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1034023

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Oct 30, 2015
Vulnerability Reserved
Aug 17, 2015