SQL Injection in Cisco Prime_collaboration

CVE-2015-4188

SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104.

Vulnerability class: SQL Injection

EPSS: 0.003 (51.3th percentile) — read the EPSS interpretation.

Affected products

Cisco Prime_collaboration — versions 10.5\(1\)
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

1032592 (vdb-entry, x_refsource_SECTRACK)
75268 (vdb-entry, x_refsource_BID)
20150616 Cisco Prime Collaboration Manager SQL Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)