ID
VAR-201711-0375
CVE
CVE-2017-12364
TITLE
Cisco Prime Service Catalog In SQL Injection vulnerability
Trust: 0.8
DESCRIPTION
A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read entries in some database tables. Cisco Bug IDs: CSCvg30333. Vendors have confirmed this vulnerability Bug ID CSCvg30333 It is released as.Information may be obtained and information may be altered. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | cisco | model: | prime service catalog | scope: | eq | version: | 12.1 | Trust: 1.9 |
| vendor: | cisco | model: | prime service catalog | scope: | eq | version: | 12.0 | Trust: 1.9 |
| vendor: | cisco | model: | prime service catalog | scope: | eq | version: | 11.1.1 | Trust: 1.9 |
| vendor: | cisco | model: | prime service catalog | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-89 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
SQL injection
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20171129-prime | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-prime | Trust: 0.8 |
| title: | Cisco Prime Service Catalog SQL Repair measures for injecting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76821 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-12364 | Trust: 2.8 |
| db: | BID | id: | 102004 | Trust: 2.0 |
| db: | SECTRACK | id: | 1039926 | Trust: 1.7 |
| db: | JVNDB | id: | JVNDB-2017-010413 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201711-1202 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-102879 | Trust: 0.1 |
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-prime | Trust: 2.0 |
| url: | http://www.securityfocus.com/bid/102004 | Trust: 1.7 |
| url: | http://www.securitytracker.com/id/1039926 | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12364 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-12364 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-102879 |
| db: | BID | id: | 102004 |
| db: | JVNDB | id: | JVNDB-2017-010413 |
| db: | CNNVD | id: | CNNVD-201711-1202 |
| db: | NVD | id: | CVE-2017-12364 |
LAST UPDATE DATE
2024-11-23T22:56:03.896000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-102879 | date: | 2019-10-09T00:00:00 |
| db: | BID | id: | 102004 | date: | 2017-12-19T22:37:00 |
| db: | JVNDB | id: | JVNDB-2017-010413 | date: | 2017-12-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201711-1202 | date: | 2019-10-17T00:00:00 |
| db: | NVD | id: | CVE-2017-12364 | date: | 2024-11-21T03:09:23.453 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-102879 | date: | 2017-11-30T00:00:00 |
| db: | BID | id: | 102004 | date: | 2017-11-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-010413 | date: | 2017-12-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201711-1202 | date: | 2017-12-01T00:00:00 |
| db: | NVD | id: | CVE-2017-12364 | date: | 2017-11-30T09:29:01.447 |