CVE-2019-15995

Name of the Vulnerable Software and Affected Versions Cisco DNA Center versions (affected versions not specified) Cisco DNA Spaces: Connector versions (affected versions not specified)

Description The issue is related to the lack of protection against SQL query structure attacks in the web interface of the system. This could allow a remote attacker to execute arbitrary code or SQL queries. The vulnerability exists due to improper validation of user-supplied input. An attacker could exploit this by entering malicious SQL statements in an affected field, potentially allowing them to remove the SQL database.

Recommendations For Cisco DNA Center, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Cisco DNA Spaces: Connector, at the moment, there is no information about a newer version that contains a fix for this vulnerability.