SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.
http://www.securitytracker.com/id/1034023
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-psc