A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A).
2016-10-27T21:59:14.860
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 8.8 (HIGH)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cisco | evolved_programmable_network_manager | 1.2 | Yes |
| Application | cisco | evolved_programmable_network_manager | 2.0 | Yes |
| Application | cisco | prime_infrastructure | 1.2 | Yes |
| Application | cisco | prime_infrastructure | 1.2.0.103 | Yes |
| Application | cisco | prime_infrastructure | 1.2.1 | Yes |
| Application | cisco | prime_infrastructure | 1.3 | Yes |
| Application | cisco | prime_infrastructure | 1.3.0.20 | Yes |
| Application | cisco | prime_infrastructure | 1.4 | Yes |
| Application | cisco | prime_infrastructure | 1.4.0.45 | Yes |
| Application | cisco | prime_infrastructure | 1.4.1 | Yes |
| Application | cisco | prime_infrastructure | 1.4.2 | Yes |
| Application | cisco | prime_infrastructure | 2.0 | Yes |
| Application | cisco | prime_infrastructure | 2.1.0 | Yes |
| Application | cisco | prime_infrastructure | 2.2 | Yes |
| Application | cisco | prime_infrastructure | 2.2\(2\) | Yes |
| Application | cisco | prime_infrastructure | 3.0 | Yes |
| Application | cisco | prime_infrastructure | 3.1 | Yes |
| Application | cisco | prime_infrastructure | 3.1.1 | Yes |