A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this vulnerability sending malicious requests to the affected device. An exploit could allow the attacker to modify values on or return values from the underlying database.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2020-02-19T19:15:48.591446Z
Updated: 2024-09-16T22:36:11.740Z
Reserved: 2019-12-12T00:00:00
Link: CVE-2020-3154
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-02-19T20:15:15.220
Modified: 2020-02-24T14:18:48.817
Link: CVE-2020-3154
Redhat
No data.