CVE-2021-1364

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) (affected versions not specified) Cisco Unified Communications Manager (Unified CM) (affected versions not specified) Cisco Unified Communications Manager Session Management Edition (Unified CM SME) (affected versions not specified)

Description: The issue is related to multiple vulnerabilities in the Cisco Unified Communications Manager IM & Presence Service, including path traversal and SQL injection attacks. These vulnerabilities could allow an attacker to conduct SQL injection attacks on an affected system. The vulnerabilities are also related to input validation errors. There is no information provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations: For Cisco Unified Communications Manager IM & Presence Service, consider restricting access to the system until a fix is available. For Cisco Unified Communications Manager, restrict access to the vulnerable components to minimize the risk of exploitation. For Cisco Unified Communications Manager Session Management Edition, avoid using the vulnerable functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.