A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-12-08T14:58:13
Updated: 2024-08-04T02:51:07.703Z
Reserved: 2021-09-10T00:00:00
Link: CVE-2021-40861
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-12-08T15:15:10.127
Modified: 2021-12-13T15:08:28.390
Link: CVE-2021-40861
Redhat
No data.