CVE-2020-3184 MEDIUM

CVE-2020-3184: Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability

Vendor Cisco

Product Cisco Prime Collaboration Provisioning

Weakness CWE-89 · SQLi

Published May 22, 2020

Last update November 15, 2024

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates user input for specific SQL queries. An attacker could exploit this vulnerability by authenticating to the application with valid administrative credentials and sending malicious requests to an affected system. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or delete information from the database that they are not authorized to delete.

Key dates

02Disclosure timeline

May 22, 2020 CVE published

November 15, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-3184 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

Identifiers

CVE CVE-2020-3184

CWE CWE-89

CVSS 6.7 / MEDIUM

Affected versions