CVE-2021-1357

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) (affected versions not specified) Cisco Unified Communications Manager (Unified CM) (affected versions not specified) Cisco Unified Communications Manager Session Management Edition (Unified CM SME) (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the Cisco Unified Communications Manager IM & Presence Service, including path traversal and SQL injection attacks. These vulnerabilities could allow an attacker to conduct SQL injection attacks on an affected system. The vulnerabilities are also related to input validation errors, which could allow a remote attacker to gain unauthorized access to protected information.

Recommendations For Cisco Unified Communications Manager IM & Presence Service, consider restricting access to sensitive data until a patch is available. For Cisco Unified Communications Manager, restrict access to the SQL database to minimize the risk of exploitation. For Cisco Unified Communications Manager Session Management Edition, avoid using vulnerable SQL queries in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.