CVE-2017-6698

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) versions 2.0(4.0.45B) through 3.1(1)

Description A SQL Injection issue in the SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries.

Recommendations For versions 2.0(4.0.45B) through 3.1(1), consider restricting access to the SQL database interface until a patch is available. As a temporary workaround, avoid using the SQL database interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.