CVE-2017-12364

Name of the Vulnerable Software and Affected Versions Cisco Prime Service Catalog (affected versions not specified)

Description A SQL Injection issue in the web framework could allow an unauthenticated, remote attacker to execute unauthorized SQL queries due to a failure to validate user-supplied input. An attacker could exploit this by sending a crafted SQL statement to an affected system, potentially allowing them to read entries in some database tables.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.