CVE-2020-3184SQL Injection in Cisco Prime Collaboration Provisioning

CWE-89SQL Injection4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.4%
top 40.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Prime Collaboration ProvisioningCisco Prime Collaboration Provisioning
Timeline
PublishedMay 22
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates user input for specific SQL queries. An attacker could exploit this vulnerability by authenticating to the application with valid administrative credentials and sending malicious requests to an affected s

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-xfhc-xhx2-ffp9: A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker2022-05-24
CVEList
Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability2020-05-22

📋Vendor Advisories

1
Cisco
Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability2020-05-20
CVE-2020-3184 — SQL Injection in Cisco | cvebase