CVE-2021-1363

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager IM & Presence Service (affected versions not specified)

Description The issue is related to improper validation of user-submitted parameters in the web-based management interface, allowing an authenticated, remote attacker to conduct SQL injection attacks. This could enable the attacker to obtain or modify data stored in the underlying database by sending malicious requests. The vulnerability is due to a lack of protection against SQL query structure exploitation, which could allow a remote attacker to execute arbitrary SQL commands and gain unauthorized access to modify data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.