Per Rynning

**Name of the Vulnerable Software and Affected Versions** Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure (affected versions not specified) **Description** A flaw exists in the web-based management interface that could let an attacker redirect a user to a harmful web page without needing to authenticate. This happens because the system doesn't properly check the input in HTTP requests. An attacker can take advantage of this by changing an HTTP request sent by a user, potentially redirecting them to a malicious site. The vulnerability is due to improper input validation of parameters in the HTTP request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Prime Infrastructure (affected versions not specified) Cisco Evolved Programmable Network Manager (EPNM) (affected versions not specified) **Description** A vulnerability exists in a subset of REST APIs in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM). This issue could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack due to insufficient validation of user-supplied input. A successful exploit could allow the attacker to view data in some database tables on an affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.