How severe is CVE-2020-3184?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2020-3184?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2020-3184 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates user input for specific SQL queries. An attacker could exploit this vulnerability by authenticating to the application with valid administrative credentials and sending malicious requests to an affected system. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or delete information from the database that they are not authorized to delete.

Related Vulnerabilities

CVE-2022-0362

MEDIUM

CVSS:6.7(Medium)

SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.

CWE-892022

CVE-2023-0620

MEDIUM

CVSS:6.7(Medium)

HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the M...

CWE-892023

CVE-2023-1578

MEDIUM

CVSS:6.7(Medium)

SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.

CWE-892023

CVE-2023-46806

MEDIUM

CVSS:6.7(Medium)

An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.

CWE-892023

CVE-2023-46807

MEDIUM

CVSS:6.7(Medium)

An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.

CWE-892023

CVE-2024-39843

MEDIUM

CVSS:6.7(Medium)

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs.

CWE-892024