CVE-2017-12364

medium Cisco
CVSS v3 Base Score
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.3%
Exploitation probability in 30 days
Top 45% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
Low
Integrity
Low
Availability
None
Published: November 30, 2017 (3087 days ago)
Last Modified: May 13, 2026
Vendor: Cisco
Source: NVD

Description

A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read entries in some database tables. Cisco Bug IDs: CSCvg30333.

CWE

CWE-89

Affected Products

cisco prime service catalog

References

🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 tools.cisco.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com