This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2018-11-28
Product Prime License Manager Last view 2018-11-28
Version 11.5(1) Type Application
Update su5  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:cisco:prime_license_manager

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2018-11-28 CVE-2018-15441

A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...

Snort® IPS/IDS

Date Description
2020-12-05 Cisco Prime License Manager SQL injection attempt
RuleID : 48455 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 Cisco Prime License Manager SQL injection attempt
RuleID : 48454 - Type : SERVER-WEBAPP - Revision : 1