Cisco Prime Service Catalog 11.0 sql injection

Une vulnérabilité qui a été classée critique a été trouvée dans Cisco Prime Service Catalog 11.0. Affecté par ce problème est une fonction inconnue. Il n'y a aucune information à propos de possibles contremesures connues. Il est suggéré de remplacer l'object infecté par un produit alternatif.

Domaine02/11/2015 10:0302/03/2018 09:4425/06/2022 14:54
vendorCiscoCiscoCisco
namePrime Service CatalogPrime Service CatalogPrime Service Catalog
version11.011.011.0
cwe89 (sql injection)89 (sql injection)89 (sql injection)
risk222
cvss2_vuldb_basescore6.06.06.0
cvss2_vuldb_tempscore6.06.06.0
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auSSS
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acLLL
cvss2_nvd_auSSS
cvss2_nvd_ciPPP
cvss2_nvd_iiPPP
cvss2_nvd_aiPPP
cvss3_meta_basescore6.36.36.3
cvss3_meta_tempscore6.36.36.3
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore6.36.36.3
date1446163200 (30/10/2015)1446163200 (30/10/2015)1446163200 (30/10/2015)
locationWebsiteWebsiteWebsite
typeAdvisoryAdvisoryAdvisory
urlhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-pschttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-pschttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-psc
identifierCSCuw50843CSCuw50843CSCuw50843
price_0day$5k-$25k$5k-$25k$5k-$25k
cveCVE-2015-6350CVE-2015-6350CVE-2015-6350
cve_nvd_published144616320014461632001446163200
cve_nvd_summarySQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.
securityfocus773527735277352
vulnerabilitycenter540675406754067
vulnerabilitycenter_title[cisco-sa-20151028-psc] Cisco Prime Service Catalog Remote SQL Injection Vulnerability via Web Framework[cisco-sa-20151028-psc] Cisco Prime Service Catalog Remote SQL Injection Vulnerability via Web Framework[cisco-sa-20151028-psc] Cisco Prime Service Catalog Remote SQL Injection Vulnerability via Web Framework
vulnerabilitycenter_severityMediumMediumMedium
vulnerabilitycenter_creationdate144633600014463360001446336000
vulnerabilitycenter_reportingdate144599040014459904001445990400
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiNNN
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcCCC
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcCCC
cvss3_vuldb_prLLL
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cve_assigned1439769600 (17/08/2015)1439769600 (17/08/2015)
sectracker1034023
cvss2_nvd_basescore6.5

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!