CVE-2021-40860

Name of the Vulnerable Software and Affected Versions Genesys intelligent Workload Distribution (IWD) versions prior to 9.0.013.11

Description A SQL Injection issue in the custom filter query component allows an attacker to execute arbitrary SQL queries via the ql expression parameter. This enables the extraction of all data in the database and potentially allows OS command execution, depending on the permissions and/or database engine.

Recommendations For versions prior to 9.0.013.11, update to version 9.0.013.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the custom filter query component to minimize the risk of exploitation. Avoid using the ql expression parameter in the affected component until the issue is resolved.