CVE-2022-20786

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This issue is due to improper validation of user-submitted parameters, such as username and password. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system, potentially targeting API endpoints like "/api/v1/login" or "/users/{id}". A successful exploit could allow the attacker to obtain or modify data stored in the underlying database of the affected system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.