Cisco Prime Infrastructure 3.1 Device Pack7
Approved changes feed: RSS · Atom
cpe:2.3:a:cisco:prime_infrastructure:3.1:device_pack7:*:*:*:*:*:*
part: a version: 3.1 update: device_pack7
| Vendor | Cisco (e1b3baff-aaf9-56a6-a68a-41e28ce616a5) |
|---|---|
| Product | Prime Infrastructure (f8fffb67-260d-542a-8aa5-93ac7f4ea9c3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-20272 |
vulnerable | 2026-06-03 14:59:13.922165 |
Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Blind SQL Injection Vulnerability
MEDIUM (4.3)
A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected API. A successful exploit could allow the attacker to view data in some database tables on an affected device.
Published: 2025-07-16T16:16:28.878Z
Updated: 2025-07-18T14:30:51.552Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-20120 |
vulnerable | 2026-06-03 14:59:07.615968 |
Details available
MEDIUM (6.1)
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Published: 2025-04-02T16:16:54.694Z
Updated: 2025-04-02T16:33:02.226Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.