CVE-2018-0320

Name of the Vulnerable Software and Affected Versions Cisco Prime Collaboration Provisioning (PCP) versions prior to 12.1

Description A vulnerability in the web framework code could allow an unauthenticated, remote attacker to execute arbitrary SQL queries due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this by sending crafted URLs that contain malicious SQL statements to the affected application.

Recommendations For versions prior to 12.1, update to a version later than 12.1 to resolve the issue. As a temporary workaround, consider restricting access to the application to minimize the risk of exploitation. Avoid using user-supplied input in SQL queries until the issue is resolved.