Vulnerabilities > Genesys > Intelligent Workload Distribution Manager

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-40860 SQL Injection vulnerability in Genesys Intelligent Workload Distribution Manager
A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine.
network
low complexity
genesys CWE-89
7.2
2021-12-08 CVE-2021-40861 SQL Injection vulnerability in Genesys Intelligent Workload Distribution Manager
A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine.
network
low complexity
genesys CWE-89
7.2