Cisco Bug: CSCuw50843 - PSC 11.0 - SQL Injection Vulnerability
Feb 04, 2017
- Cisco Prime Service Catalog
- Cisco Prime Service Catalog 11.0
Known Affected Releases
Symptoms: A vulnerability in web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to execute unauthorized SQL queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read entries in some database tables. Conditions: Device configured with default configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases