SB2020010812 - Multiple vulnerabilities in Cisco Data Center Network Manager
Published: January 8, 2020 Updated: February 20, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 129 secuirty vulnerabilities.
1) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
2) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
3) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
4) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
5) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
6) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
7) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
8) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
9) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
10) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
11) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
12) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
13) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
14) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
15) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
16) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
17) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
18) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
19) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
20) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
21) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
22) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
23) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
24) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
25) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
26) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
27) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
28) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
29) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
30) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
31) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
32) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
33) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
34) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
35) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
36) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
37) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
38) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
39) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
40) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
41) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
42) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
43) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
44) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
45) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
46) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
47) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
48) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
49) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
50) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
51) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
52) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
53) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
54) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
55) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
56) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
57) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
58) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
59) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
60) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
61) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
62) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
63) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
64) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
65) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
66) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
67) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
68) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
69) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
70) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
71) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
72) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
73) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
74) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
75) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getN3KBufferStatList" method to the "getN3KBufferStatDataLength" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
76) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "item" parameter in the "checkDiscoveryEthSwCandidates4List" method to the "deepDiscoverForSelectedLanMembers" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
77) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "ip" parameter in the "createSite" method in "rest/msm/sites" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
78) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "name" parameter in the "createSite" method in "rest/msm/sites" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
79) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "fabricName" parameter in the "setVxlanProperties" method in "rest/settings/vxlan" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
80) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "switch-id" parameter in the "getDiscoveredDeviceCount" method in "rest/topology/switches/otv/feature" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
81) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "hostname" parameter in the "getDiscoveredDeviceCount" method in "rest/topology/switches/otv/feature" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
82) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "group-id" parameter in the "getDiscoveredDeviceCount" method in "rest/topology/switches/otv/feature" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
83) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getSanSwitchBandwidthStatList" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
84) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getLanSwitchBandwidthStatList" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
85) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the third argument to the "getVpcConsistentDataLength" endpoint in the "getVpcCount" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
86) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter of the "getSensorDataLength" endpoint in the "getList" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
87) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "sortType" parameter in the "getList" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
88) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "second" parameter of the "modifyGroupName" endpoint. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
89) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "serialNumber" parameter in the "getSwitchDbIdBySerialNumber" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
90) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "fabTemplate" parameter in the "getConfigTemplateFileName" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
91) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getRpmJobLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.
Successful exploitation of this vulnerability may allow a remote attacker to read data in database.
92) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "serialNumber" parameter in the "getSwitchName" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
93) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "colFilterStr" parameter in the "getLanSwitchDataLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.
Successful exploitation of this vulnerability may allow a remote attacker to read data in database.
94) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "destinationInterface" parameter in the "checkLinkUUID" method. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
95) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "colFilterStr" parameter in the "getLanSwitchDataLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.
Successful exploitation of this vulnerability may allow a remote attacker to read data in database.
96) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "colFilterStr" parameter in the "getSanSwitchDataLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.
Successful exploitation of this vulnerability may allow a remote attacker to read data in database.
97) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getVsanDataLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.
Successful exploitation of this vulnerability may allow a remote attacker to read data in database.
98) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getZoneDataLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.
Successful exploitation of this vulnerability may allow a remote attacker to read data in database.
99) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getJobLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.
Successful exploitation of this vulnerability may allow a remote attacker to read data in database.
100) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getVpcCount" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.
Successful exploitation of this vulnerability may allow a remote attacker to read data in database.
101) SQL injection (CVE-ID: CVE-2019-15984)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the REST API due to insufficient sanitization of user-supplied data passed via the "filterStr" parameter in the "getGirTaskLength" method. A remote administrator can send a specially crafted request to the affected application and gain access to sensitive information on the target system.
Successful exploitation of this vulnerability may allow a remote attacker to read data in database.
102) SQL injection (CVE-ID: CVE-2019-15985)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the SOAP API due to insufficient sanitization of user-supplied data in "getEndPortConnectionsForStorageEnclosure" endpoint in the "DbInventoryWSService/DbInventoryWS" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
103) SQL injection (CVE-ID: CVE-2019-15985)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists in the SOAP API due to insufficient sanitization of user-supplied data in "getEndPortConnectionsForStorageSystem" endpoint in the "DbInventoryWSService/DbInventoryWS" service. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
104) XML External Entity injection (CVE-ID: CVE-2019-15983)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists in the SOAP API due to insufficient validation of user-supplied XML input within the getInventoryIslList SOAP endpoint of "DashboardWSService/DashboardWS". A remote administrator can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
105) XML External Entity injection (CVE-ID: CVE-2019-15983)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists in the SOAP API due to insufficient validation of user-supplied XML input within the addGroupNavigation SOAP endpoint of "DbAdminWSService/DbAdminWS". A remote administrator can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
106) XML External Entity injection (CVE-ID: CVE-2019-15983)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists in the SOAP API due to insufficient validation of user-supplied XML input in "rest/cable-plans/import". A remote administrator can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
107) XML External Entity injection (CVE-ID: CVE-2019-15983)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists in the SOAP API due to insufficient validation of user-supplied XML input within the "getTopologyVlanList" SOAP endpoint of DashboardWS. A remote administrator can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
108) Path traversal (CVE-ID: CVE-2019-15982)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists in the Application Framework feature due to input validation error when processing directory traversal sequences within the "AFW Image Upload" component. A remote administrator can send a specially crafted HTTP request and execute arbitrary files on the system.
109) Path traversal (CVE-ID: CVE-2019-15981)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists in the SOAP API within the SOAP storeConfigToFS endpoint of the "WebAnalysisWSService/WebAnalysisWS" path in the service. A remote authenticated attacker can send a specially crafted HTTP request and cause a denial of service (DoS) condition on the system.
110) Path traversal (CVE-ID: CVE-2019-15981)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists in the SOAP API within the readConfigFileFromDBAsXML SOAP endpoint called by accessing the "WebAnalysisWSService/WebAnalysis" path in the service. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.
111) Path traversal (CVE-ID: CVE-2019-15981)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists in the SOAP API within the SOAP deleteReportTemplate endpoint of the "ReportWSService/ReportWS" path in the service. A remote authenticated attacker can send a specially crafted HTTP request and cause a denial of service (DoS) on the system.
112) Path traversal (CVE-ID: CVE-2019-15981)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists in the SOAP API within the readConfigFileFromDB SOAP endpoint called by accessing the "WebAnalysisWSService/WebAnalysis" path in the service. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.
113) Path traversal (CVE-ID: CVE-2019-15980)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists in the REST API within the "fm/fmrest/dbadmin/saveLicenseFileToServer" path in the service. A remote administrator can send a specially crafted HTTP request and execute arbitrary code on the target system.
114) Path traversal (CVE-ID: CVE-2019-15980)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists in the REST API within the "fm/fmrest/dbadmin/runZoneMigrationForBrocade" path in the service. A remote administrator can send a specially crafted HTTP request and execute arbitrary code on the target system.
115) Path traversal (CVE-ID: CVE-2019-15980)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists in the REST API within the "ConfigArchiveRest" method called by accessing the "fm/fmrest/config/archive/restore/log" path in the service in the "getRestoreLog" component. A remote authenticated attacker can send a specially crafted HTTP request and and read arbitrary files on the system.
116) Path traversal (CVE-ID: CVE-2019-15980)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists in the REST API within the "fm/fmrest/report/reporttemplateuploadpolicy" path in the service. A remote administrator can send a specially crafted HTTP request and execute arbitrary code on the target system.
117) Path traversal (CVE-ID: CVE-2019-15980)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists in the REST API within the "fm/fmrest/dbadmin/installSwitchLicense" path in the service in the "DbAdminRest" component. A remote administrator can send a specially crafted HTTP request and execute arbitrary code on the target system.
118) Path traversal (CVE-ID: CVE-2019-15980)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists in the REST API within the processing of requests to the switch-definitions and upload endpoints in the "writeToFile" component. A remote administrator can send a specially crafted HTTP request and execute arbitrary code on the target system.
119) Path traversal (CVE-ID: CVE-2019-15980)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists in the REST API within the processing of requests to the "rest/auto-config/fabrics/abc/deployments/files" endpoint in the "getDeployContent" component. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.
120) OS Command Injection (CVE-ID: CVE-2019-15979)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists in the SOAP API within the processing of requests to the importTS endpoint of the SanWSService/SanWS service. A remote administrator can send a specially crafted request and execute arbitrary OS commands on the target device.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
121) OS Command Injection (CVE-ID: CVE-2019-15978)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists in the REST API due to insufficient validation of user-supplied input when the processing of requests to the fabrics endpoint in the "createLanFabric" component. A remote administrator can send a specially crafted request and execute arbitrary OS commands on the target device.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
122) Use of hard-coded credentials (CVE-ID: CVE-2019-15977)
The vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists in the web-based management interface within the processing of web requests due to the presence of static credentials in the "JBoss_4_2Encrypter" component. A remote unauthenticated attacker can access a specific section of the web interface and obtain certain confidential information from an affected device
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
123) Use of hard-coded credentials (CVE-ID: CVE-2019-15977)
The vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists in the web-based management interface within the processing of web requests due to the presence of static credentials in "serverinfo" component. A remote unauthenticated attacker can access a specific section of the web interface and obtain certain confidential information from an affected device
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
124) Use of hard-coded credentials (CVE-ID: CVE-2019-15976)
The vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists in the SOAP API endpoint within the validation of SSO tokens of SOAP packets due to a static encryption key is shared between installations. A remote unauthenticated attacker can access the affected system using the static key to craft a valid session token and perform arbitrary actions through the SOAP API with administrative privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
125) Use of hard-coded credentials (CVE-ID: CVE-2019-15975)
The vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists in the REST API endpoint within the processing of the dbadmin/addUser functionality due to a static encryption key is shared between installations. A remote unauthenticated attacker can access the affected system using the static key to craft a valid session token and perform arbitrary actions through the REST API with administrative privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
126) Improper access control (CVE-ID: CVE-2019-15999)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to an incorrect configuration of the authentication settings on the JBoss EAP. A remote authenticated attacker can bypass implemented security restrictions and gain unauthorized access to the JBoss EAP.
127) Cross-site request forgery (CVE-ID: CVE-2020-3114)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin in the web-based management interface. A remote attacker can trick the victim to visit a specially crafted web page and follow a malicious link while having an active session on an affected device.
128) Cross-site scripting (CVE-ID: CVE-2020-3113)
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the web-based management interface. A remote administrator can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
129) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-3112)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to insufficient access control validation in the REST API endpoint. A remote authenticated attacker can send a specially crafted request to the API and interact with the API with administrative privileges.
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-sql-inject
- https://www.zerodayinitiative.com/advisories/ZDI-20-016/
- https://www.zerodayinitiative.com/advisories/ZDI-20-017/
- https://www.zerodayinitiative.com/advisories/ZDI-20-018/
- https://www.zerodayinitiative.com/advisories/ZDI-20-019/
- https://www.zerodayinitiative.com/advisories/ZDI-20-020/
- https://www.zerodayinitiative.com/advisories/ZDI-20-021/
- https://www.zerodayinitiative.com/advisories/ZDI-20-022/
- https://www.zerodayinitiative.com/advisories/ZDI-20-023/
- https://www.zerodayinitiative.com/advisories/ZDI-20-024/
- https://www.zerodayinitiative.com/advisories/ZDI-20-025/
- https://www.zerodayinitiative.com/advisories/ZDI-20-026/
- https://www.zerodayinitiative.com/advisories/ZDI-20-027/
- https://www.zerodayinitiative.com/advisories/ZDI-20-028/
- https://www.zerodayinitiative.com/advisories/ZDI-20-029/
- https://www.zerodayinitiative.com/advisories/ZDI-20-030/
- https://www.zerodayinitiative.com/advisories/ZDI-20-031/
- https://www.zerodayinitiative.com/advisories/ZDI-20-032/
- https://www.zerodayinitiative.com/advisories/ZDI-20-033/
- https://www.zerodayinitiative.com/advisories/ZDI-20-034/
- https://www.zerodayinitiative.com/advisories/ZDI-20-035/
- https://www.zerodayinitiative.com/advisories/ZDI-20-036/
- https://www.zerodayinitiative.com/advisories/ZDI-20-037/
- https://www.zerodayinitiative.com/advisories/ZDI-20-038/
- https://www.zerodayinitiative.com/advisories/ZDI-20-039/
- https://www.zerodayinitiative.com/advisories/ZDI-20-040/
- https://www.zerodayinitiative.com/advisories/ZDI-20-041/
- https://www.zerodayinitiative.com/advisories/ZDI-20-042/
- https://www.zerodayinitiative.com/advisories/ZDI-20-043/
- https://www.zerodayinitiative.com/advisories/ZDI-20-044/
- https://www.zerodayinitiative.com/advisories/ZDI-20-045/
- https://www.zerodayinitiative.com/advisories/ZDI-20-046/
- https://www.zerodayinitiative.com/advisories/ZDI-20-047/
- https://www.zerodayinitiative.com/advisories/ZDI-20-048/
- https://www.zerodayinitiative.com/advisories/ZDI-20-049/
- https://www.zerodayinitiative.com/advisories/ZDI-20-050/
- https://www.zerodayinitiative.com/advisories/ZDI-20-051/
- https://www.zerodayinitiative.com/advisories/ZDI-20-052/
- https://www.zerodayinitiative.com/advisories/ZDI-20-053/
- https://www.zerodayinitiative.com/advisories/ZDI-20-054/
- https://www.zerodayinitiative.com/advisories/ZDI-20-055/
- https://www.zerodayinitiative.com/advisories/ZDI-20-056/
- https://www.zerodayinitiative.com/advisories/ZDI-20-057/
- https://www.zerodayinitiative.com/advisories/ZDI-20-058/
- https://www.zerodayinitiative.com/advisories/ZDI-20-059/
- https://www.zerodayinitiative.com/advisories/ZDI-20-060/
- https://www.zerodayinitiative.com/advisories/ZDI-20-063/
- https://www.zerodayinitiative.com/advisories/ZDI-20-064/
- https://www.zerodayinitiative.com/advisories/ZDI-20-065/
- https://www.zerodayinitiative.com/advisories/ZDI-20-066/
- https://www.zerodayinitiative.com/advisories/ZDI-20-067/
- https://www.zerodayinitiative.com/advisories/ZDI-20-068/
- https://www.zerodayinitiative.com/advisories/ZDI-20-069/
- https://www.zerodayinitiative.com/advisories/ZDI-20-070/
- https://www.zerodayinitiative.com/advisories/ZDI-20-071/
- https://www.zerodayinitiative.com/advisories/ZDI-20-072/
- https://www.zerodayinitiative.com/advisories/ZDI-20-073/
- https://www.zerodayinitiative.com/advisories/ZDI-20-074/
- https://www.zerodayinitiative.com/advisories/ZDI-20-075/
- https://www.zerodayinitiative.com/advisories/ZDI-20-076/
- https://www.zerodayinitiative.com/advisories/ZDI-20-077/
- https://www.zerodayinitiative.com/advisories/ZDI-20-078/
- https://www.zerodayinitiative.com/advisories/ZDI-20-079/
- https://www.zerodayinitiative.com/advisories/ZDI-20-080/
- https://www.zerodayinitiative.com/advisories/ZDI-20-081/
- https://www.zerodayinitiative.com/advisories/ZDI-20-082/
- https://www.zerodayinitiative.com/advisories/ZDI-20-083/
- https://www.zerodayinitiative.com/advisories/ZDI-20-084/
- https://www.zerodayinitiative.com/advisories/ZDI-20-085/
- https://www.zerodayinitiative.com/advisories/ZDI-20-086/
- https://www.zerodayinitiative.com/advisories/ZDI-20-087/
- https://www.zerodayinitiative.com/advisories/ZDI-20-088/
- https://www.zerodayinitiative.com/advisories/ZDI-20-089/
- https://www.zerodayinitiative.com/advisories/ZDI-20-090/
- https://www.zerodayinitiative.com/advisories/ZDI-20-091/
- https://www.zerodayinitiative.com/advisories/ZDI-20-092/
- https://www.zerodayinitiative.com/advisories/ZDI-20-093/
- https://www.zerodayinitiative.com/advisories/ZDI-20-094/
- https://www.zerodayinitiative.com/advisories/ZDI-20-095/
- https://www.zerodayinitiative.com/advisories/ZDI-20-096/
- https://www.zerodayinitiative.com/advisories/ZDI-20-097/
- https://www.zerodayinitiative.com/advisories/ZDI-20-098/
- https://www.zerodayinitiative.com/advisories/ZDI-20-099/
- https://www.zerodayinitiative.com/advisories/ZDI-20-110/
- https://www.zerodayinitiative.com/advisories/ZDI-20-111/
- https://www.zerodayinitiative.com/advisories/ZDI-20-112/
- https://www.zerodayinitiative.com/advisories/ZDI-20-113/
- https://www.zerodayinitiative.com/advisories/ZDI-20-115/
- https://www.zerodayinitiative.com/advisories/ZDI-20-116/
- https://www.zerodayinitiative.com/advisories/ZDI-20-121/
- https://www.zerodayinitiative.com/advisories/ZDI-20-104/
- https://www.zerodayinitiative.com/advisories/ZDI-20-105/
- https://www.zerodayinitiative.com/advisories/ZDI-20-106/
- https://www.zerodayinitiative.com/advisories/ZDI-20-107/
- https://www.zerodayinitiative.com/advisories/ZDI-20-108/
- https://www.zerodayinitiative.com/advisories/ZDI-20-109/
- https://www.zerodayinitiative.com/advisories/ZDI-20-061/
- https://www.zerodayinitiative.com/advisories/ZDI-20-062/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-xml-ext-entity
- https://www.zerodayinitiative.com/advisories/ZDI-20-114/
- https://www.zerodayinitiative.com/advisories/ZDI-20-117/
- https://www.zerodayinitiative.com/advisories/ZDI-20-119/
- https://www.zerodayinitiative.com/advisories/ZDI-20-120/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav
- https://www.zerodayinitiative.com/advisories/ZDI-20-103/
- https://www.zerodayinitiative.com/advisories/ZDI-20-009/
- https://www.zerodayinitiative.com/advisories/ZDI-20-010/
- https://www.zerodayinitiative.com/advisories/ZDI-20-014/
- https://www.zerodayinitiative.com/advisories/ZDI-20-015/
- https://www.zerodayinitiative.com/advisories/ZDI-20-004/
- https://www.zerodayinitiative.com/advisories/ZDI-20-005/
- https://www.zerodayinitiative.com/advisories/ZDI-20-006/
- https://www.zerodayinitiative.com/advisories/ZDI-20-007/
- https://www.zerodayinitiative.com/advisories/ZDI-20-011/
- https://www.zerodayinitiative.com/advisories/ZDI-20-101/
- https://www.zerodayinitiative.com/advisories/ZDI-20-118/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-comm-inject
- https://www.zerodayinitiative.com/advisories/ZDI-20-100/
- https://www.zerodayinitiative.com/advisories/ZDI-20-102/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-auth-bypass
- https://www.zerodayinitiative.com/advisories/ZDI-20-013/
- https://www.zerodayinitiative.com/advisories/ZDI-20-012/
- https://www.zerodayinitiative.com/advisories/ZDI-20-008/
- https://www.zerodayinitiative.com/advisories/ZDI-20-003/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-unauth-access
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-dcnm-csrf
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-dcnm-xss
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-dcnm-priv-esc