CVE-2021-40861

HIGH

Genesys IWD 9.0.017.07 - SQL Injection

Title source: llm
STIX 2.1

Description

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine.

References (2)

Core 2
Core References
Product, Release Notes, Vendor Advisory x_refsource_misc
https://docs.genesys.com/Documentation/IWD

Scores

CVSS v3 7.2
EPSS 0.0168
EPSS Percentile 74.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
genesys/intelligent_workload_distribution_manager 9.0.013.11 - 9.0.017.07
Published Dec 08, 2021
Tracked Since Feb 18, 2026