CVE-2021-1365

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager IM & Presence Service (affected versions not specified)

Description The issue is related to improper validation of user-submitted parameters in the web-based management interface, allowing an authenticated, remote attacker to conduct SQL injection attacks. This could enable the attacker to obtain or modify data stored in the underlying database by sending malicious requests after authenticating to the application. The vulnerability is also described as a failure to protect the SQL query structure, which could allow a remote attacker to execute arbitrary SQL queries.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.