CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-3154

A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this vulnerability sending malicious requests to the affected device. An exploit could allow the attacker to modify values on or return values from the underlying database.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.0%

CVSS Severity

CVSS v3 Score 4.9

CVSS v2 Score 4.0

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cws-inject-6YTdx7AO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cws-inject-6YTdx7AO

Products affected by CVE-2020-3154

Cisco » Cloud Web Security » Version: 5.2(0)

cpe:2.3:a:cisco:cloud_web_security:5.2(0)

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-3154

Products

Pricing

Contact Us