SQL Injection Vulnerability in Cisco Prime Service Catalog
CVE-2017-12364
6.5MEDIUM
What is CVE-2017-12364?
A SQL Injection vulnerability exists within the web framework of Cisco Prime Service Catalog, enabling an unauthenticated remote attacker to execute arbitrary SQL queries. The root cause of the issue is a failure to properly validate user-input in SQL statements. This flaw allows attackers to craft specific SQL commands that may expose sensitive data from the database. Successful exploitation could lead to unauthorized access to certain database entries, negatively impacting data integrity and confidentiality. For further details, visit Cisco's security advisory.
Affected Version(s)
Cisco Prime Service Catalog Cisco Prime Service Catalog