Vulnerability Description
A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Genesys | Intelligent Workload Distribution Manager | >= 9.0.013.11, < 9.0.017.07 |
Related Weaknesses (CWE)
References
- https://docs.genesys.com/Documentation/IWDProductRelease NotesVendor Advisory
- https://www.offensity.com/en/blog/authenticated-sql-injection-in-the-genesys-iwdExploitPatchThird Party Advisory
- https://docs.genesys.com/Documentation/IWDProductRelease NotesVendor Advisory
- https://www.offensity.com/en/blog/authenticated-sql-injection-in-the-genesys-iwdExploitPatchThird Party Advisory
FAQ
What is CVE-2021-40861?
CVE-2021-40861 is a vulnerability with a CVSS score of 7.2 (HIGH). A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with whi...
How severe is CVE-2021-40861?
CVE-2021-40861 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-40861?
Check the references section above for vendor advisories and patch information. Affected products include: Genesys Intelligent Workload Distribution Manager.