CVE-2021-1363

CWE-89SQL Injection6 documents5 sources
Severity
8.1HIGH
EPSS
0.2%
top 61.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Communications Manager IM AND Presence ServiceCisco Cisco Unified Communications Manager IM AND Presence Service
Timeline
PublishedMay 6
Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to ob

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-5cvv-whmf-q35w: Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authentica2022-05-24
CVEList
Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities2021-05-06

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities2021-05-05

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet2021-11-22
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet2021-11-22
CVE-2021-1363 (HIGH CVSS 8.1) | Multiple vulnerabilities in the web | cvebase.io