| VID |
210204 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device.
* References:
http://packetstormsecurity.com/files/156239/Cisco-Data-Center-Network-Manager-11.2.1-SQL-Injection.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
* Platforms Affected:
Cisco Data Center Network Manager (DCNM) 11.3 before |
| Recommendation |
Upgrade Cisco Data Center Network Manager (DCNM) to 11.3 later |
| Related URL |
CVE-2019-15984 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
