CVE-2021-1355

CWE-35CWE-89SQL Injection4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 39.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Unified Communications ManagerCisco Unified Communications Manager IM AND Presence ServiceCisco Cisco Unified Communications Manager
Timeline
PublishedJan 20
Latest updateMay 24

Description

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an aff

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDcisco/unified_communications_manager12.012.0\(1\)su4+2

🔴Vulnerability Details

2
GHSA
GHSA-xp6m-4hv5-x9xm: Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path trave2022-05-24
CVEList
Cisco Unified Communications Products Vulnerabilities2021-01-20

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Products Vulnerabilities2021-01-20
CVE-2021-1355 (MEDIUM CVSS 6.5) | Multiple vulnerabilities in Cisco U | cvebase.io