SQL Injection in Cisco Prime_collaboration_provisioning

CVE-2015-6329

SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074.

Vulnerability class: SQL Injection

EPSS: 0.016 (72.4th percentile) — read the EPSS interpretation.

Affected products

Cisco Prime_collaboration_provisioning — versions 10.6.0, 11.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

1033783 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
20151008 Cisco Prime Collaboration Provisioning SQL Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)