SQL Injection Vulnerability in Cisco AppDynamics App iQ Platform
CVE-2018-0225

9.8CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Appdynamics App Iq Platform Before 4.4.3.10598 (hf4) Unknown
Vendor: CVE Published:; 8 June 2018

What is CVE-2018-0225?

The Enterprise Console of Cisco AppDynamics App iQ Platform is susceptible to SQL injection vulnerabilities, allowing attackers to execute arbitrary SQL code via malicious input, posing risks to data integrity and confidentiality. This issue affects versions prior to 4.4.3.10598 (HF4), as highlighted in Security Advisory 2089. Organizations are urged to update to the latest version to mitigate potential threats.

Affected Version(s)

Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) unknown Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) unknown

References

https://docs.appdynamics.com/display/PRO44/Release+Notes#...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2018
Vulnerability Reserved
Nov 27, 2017