CVE-2021-1365SQL Injection in Cisco Unified Communications Manager IM AND Presence Service

CWE-89SQL Injection6 documents5 sources
Severity
8.1HIGHNVD
CNA7.1
EPSS
0.2%
top 61.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Communications Manager IM AND Presence ServiceCisco Unified Communications Manager IM AND Presence Service
Timeline
PublishedMay 6
Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to ob

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-2f8j-27cg-4598: Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authentica2022-05-24
CVEList
Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities2021-05-06

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities2021-05-05

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet2021-11-22
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet2021-11-22
CVE-2021-1365 — SQL Injection in Cisco | cvebase