SQL Injection Vulnerability in Cisco Prime Service Catalog
CVE-2017-12364
6.5MEDIUM
Summary
A SQL Injection vulnerability exists within the web framework of Cisco Prime Service Catalog, enabling an unauthenticated remote attacker to execute arbitrary SQL queries. The root cause of the issue is a failure to properly validate user-input in SQL statements. This flaw allows attackers to craft specific SQL commands that may expose sensitive data from the database. Successful exploitation could lead to unauthorized access to certain database entries, negatively impacting data integrity and confidentiality. For further details, visit Cisco's security advisory.
Affected Version(s)
Cisco Prime Service Catalog Cisco Prime Service Catalog
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved