PT-2021-22990 · Genesys · Genesys Intelligent Workload Distribution

Gabor Szivos · Published 2021-12-08 · Updated 2021-12-13 · CVE-2021-40861

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Genesys Intelligent Workload Distribution (IWD) version 9.0.017.07

Description

A SQL injection issue in the custom filter query component allows an attacker to execute arbitrary SQL queries via the value attribute. This enables the extraction of all data in the database and potentially allows OS command execution, depending on the permissions and/or database engine.

Recommendations

For Genesys Intelligent Workload Distribution (IWD) version 9.0.017.07, consider restricting access to the custom filter query component to minimize the risk of exploitation. Avoid using the value attribute in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2021-40861

Affected Products

Genesys Intelligent Workload Distribution