Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-1355

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

Published

2021-01-20T20:15:17.610

Last Modified

2024-11-21T05:44:09.980

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-35
  • Type: Primary
    CWE-89
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco unified_communications_manager < 11.5\(1\)su9 Yes
Application cisco unified_communications_manager < 11.5\(1\)su9 Yes
Application cisco unified_communications_manager < 12.0\(1\)su4 Yes
Application cisco unified_communications_manager < 12.0\(1\)su4 Yes
Application cisco unified_communications_manager < 12.5\(1\)su4 Yes
Application cisco unified_communications_manager < 12.5\(1\)su4 Yes
Application cisco unified_communications_manager_im_and_presence_service < 11.5\(1\)su9 Yes
Application cisco unified_communications_manager_im_and_presence_service < 12.5\(1\)su4 Yes
References