Unrated severityNVD Advisory· Published Feb 19, 2020· Updated Nov 15, 2024
Cisco Cloud Web Security SQL Injection Vulnerability
CVE-2020-3154
Description
A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this vulnerability sending malicious requests to the affected device. An exploit could allow the attacker to modify values on or return values from the underlying database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cws-inject-6YTdx7AOmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.