Lucene search

CiscoCVE-2015-6350

HistoryOct 30, 2015 - 10:59 a.m.

CVE-2015-6350

2015-10-3010:59:08

CWE-89

cisco

web.nvd.nist.gov

cve-2015-6350

sql injection

cisco

prime service catalog 11.0

remote authenticated users

arbitrary sql commands

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.001

Percentile

41.4%

JSON

SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.

Affected configurations

Nvd

Node

ciscoprime_service_catalogMatch11.0_base

VendorProductVersionCPE
ciscoprime_service_catalog11.0_basecpe:2.3:a:cisco:prime_service_catalog:11.0_base:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_service_catalog	11.0_base	cpe:2.3:a:cisco:prime_service_catalog:11.0_base:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-psc

www.securitytracker.com/id/1034023

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.001

Percentile

41.4%

JSON

Related for CVE-2015-6350