ID

VAR-201510-0027


CVE

CVE-2015-6350


TITLE

SQL injection vulnerability in the web framework of Cisco Prime Service Catalog

Trust: 0.8

sources: JVNDB: JVNDB-2015-005687

DESCRIPTION

SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCuw50843. Cisco Prime Service Catalog supports automated ordering from a unified service catalog of computing, networking, storage, and other data center resources. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands.

Trust: 1.98

sources: NVD: CVE-2015-6350 // JVNDB: JVNDB-2015-005687 // BID: 77352 // VULHUB: VHN-84311

AFFECTED PRODUCTS

vendor: cisco, model: prime service catalog, scope: eq, version: 11.0_base

Trust: 1.6

vendor: cisco, model: prime service catalog, scope: eq, version: 11.0

Trust: 1.1

sources: BID: 77352 // JVNDB: JVNDB-2015-005687 // CNNVD: CNNVD-201510-784 // NVD: CVE-2015-6350

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6350
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6350
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-784
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84311
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6350
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84311
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84311 // JVNDB: JVNDB-2015-005687 // CNNVD: CNNVD-201510-784 // NVD: CVE-2015-6350

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-84311 // JVNDB: JVNDB-2015-005687 // NVD: CVE-2015-6350

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-784

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201510-784

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005687

PATCH

title: cisco-sa-20151028-psc, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-psc

Trust: 0.8

sources: JVNDB: JVNDB-2015-005687

EXTERNAL IDS

db: NVD, id: CVE-2015-6350

Trust: 2.8

db: SECTRACK, id: 1034023

Trust: 1.1

db: JVNDB, id: JVNDB-2015-005687

Trust: 0.8

db: CNNVD, id: CNNVD-201510-784

Trust: 0.7

db: BID, id: 77352

Trust: 0.4

db: VULHUB, id: VHN-84311

Trust: 0.1

sources: VULHUB: VHN-84311 // BID: 77352 // JVNDB: JVNDB-2015-005687 // CNNVD: CNNVD-201510-784 // NVD: CVE-2015-6350

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151028-psc

Trust: 2.0

url: http://www.securitytracker.com/id/1034023

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6350

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6350

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-84311 // BID: 77352 // JVNDB: JVNDB-2015-005687 // CNNVD: CNNVD-201510-784 // NVD: CVE-2015-6350

CREDITS

Cisco

Trust: 0.3

sources: BID: 77352

SOURCES

db: VULHUB, id: VHN-84311
db: BID, id: 77352
db: JVNDB, id: JVNDB-2015-005687
db: CNNVD, id: CNNVD-201510-784
db: NVD, id: CVE-2015-6350

LAST UPDATE DATE

2024-11-23T23:05:38.219000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-84311, date: 2016-12-07T00:00:00
db: BID, id: 77352, date: 2015-10-28T00:00:00
db: JVNDB, id: JVNDB-2015-005687, date: 2015-11-02T00:00:00
db: CNNVD, id: CNNVD-201510-784, date: 2015-11-02T00:00:00
db: NVD, id: CVE-2015-6350, date: 2024-11-21T02:34:50.047

SOURCES RELEASE DATE

db: VULHUB, id: VHN-84311, date: 2015-10-30T00:00:00
db: BID, id: 77352, date: 2015-10-28T00:00:00
db: JVNDB, id: JVNDB-2015-005687, date: 2015-11-02T00:00:00
db: CNNVD, id: CNNVD-201510-784, date: 2015-10-30T00:00:00
db: NVD, id: CVE-2015-6350, date: 2015-10-30T10:59:08.433