Cisco Bug: CSCuw50843 - PSC 11.0 - SQL Injection Vulnerability

Last Modified

Feb 04, 2017

Products (2)

  • Cisco Prime Service Catalog
  • Cisco Prime Service Catalog 11.0

Known Affected Releases


Description (partial)

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to execute unauthorized SQL queries.

The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability
by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read entries in
some database tables.

Device configured with default configuration.
Bug details contain sensitive information and therefore require an account to be viewed.
