CVE-2018-15447 is a vulnerability in Cisco Integrated Management Controller
Published on November 8, 2018
Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability
A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2018-15447 has been classified to as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2018-15447
Want to know whenever a new CVE is published for Cisco Integrated Management Controller? stack.watch will email you.
Affected Versions
Cisco Integrated Management Controller (IMC) Supervisor Version n/a is affected by CVE-2018-15447Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.