CVE-2019-15985

Name of the Vulnerable Software and Affected Versions Cisco Data Center Network Manager (DCNM) (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM), which could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. The vulnerabilities are also related to input validation errors in the REST API interface, which could allow a remote attacker to gain unauthorized access to protected information, impact data integrity, or execute arbitrary commands in the underlying operating system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.