CVE-2020-27134

Name of the Vulnerable Software and Affected Versions Cisco Jabber for Windows (affected versions not specified) Cisco Jabber for MacOS (affected versions not specified) Cisco Jabber for mobile platforms (affected versions not specified)

Description The issue concerns multiple vulnerabilities in Cisco Jabber platforms, potentially allowing an attacker to execute arbitrary programs on the underlying operating system with elevated privileges or gain access to sensitive information. One of the vulnerabilities is related to insufficient protection of the SQL query structure, which could allow a remote attacker to execute arbitrary SQL queries.

Recommendations For Cisco Jabber for Windows, consider disabling any features that may be related to the SQL query structure until a patch is available. For Cisco Jabber for MacOS, restrict access to sensitive information and monitor for any suspicious activity. For Cisco Jabber for mobile platforms, avoid using any potentially vulnerable functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.