CVE-2020-3462

Name of the Vulnerable Software and Affected Versions: Cisco Data Center Network Manager (DCNM) (affected versions not specified)

Description: The issue is related to a vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) that could allow an authenticated, remote attacker to conduct SQL injection attacks. This is due to improper validation of user-submitted parameters. An attacker could exploit this by authenticating to the application and sending malicious requests, potentially obtaining and modifying sensitive information stored in the underlying database. The vulnerability may also allow an attacker to impact data integrity, gain unauthorized access to protected information, and cause a denial of service.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.