SQL Injection in Cisco Secure_access_control_system
CVE-2015-0580
Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS r…
Vulnerability class: SQL Injection
EPSS: 0.001 (28.1th percentile) — read the EPSS interpretation.
Affected products
- Cisco Secure_access_control_system
- N/a — versions n/a
Weakness classification (CWE)
References
- 20150211 Cisco Secure Access Control System SQL Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- cisco-acs-cve20150580-sql-injection(100812) (vdb-entry, x_refsource_XF)
- 72576 (vdb-entry, x_refsource_BID)
- 1031740 (vdb-entry, x_refsource_SECTRACK)