CVE-2021-1355

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
SQL Injection
Severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Base Score: CVSS 3.x
EPSS Score: Percentile 30%
Vendor  Product                                                   Version
cisco   unified_communications_manager                            𝑥 < 11.5(1)su9
cisco   unified_communications_manager                            𝑥 < 11.5(1)su9
cisco   unified_communications_manager                            12.0 ≤ 𝑥 < 12.0(1)su4
cisco   unified_communications_manager                            12.0 ≤ 𝑥 < 12.0(1)su4
cisco   unified_communications_manager                            12.5 ≤ 𝑥 < 12.5(1)su4
cisco   unified_communications_manager                            12.5 ≤ 𝑥 < 12.5(1)su4
cisco   unified_communications_manager_im_and_presence_service    𝑥 < 11.5(1)su9
cisco   unified_communications_manager_im_and_presence_service    12.0 ≤ 𝑥 < 12.5(1)su4

𝑥 = Vulnerable software versions