Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities
November 5, 2021Rewterz Threat Advisory – ICS: VISAM VBASE Editor Vulnerabilities
November 5, 2021Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities
November 5, 2021Rewterz Threat Advisory – ICS: VISAM VBASE Editor Vulnerabilities
November 5, 2021Severity
High
Analysis Summary
CVE-2021-39375
The affected product allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter.
CVE-2021-39376
The affected product allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter.
Impact
- Unauthorized Access
- Denial of Service
Affected Vendors
- Philips
Affected Products
- Tasy EMR HTML5 3.06.1803 and prior
Remediation
Refer to CISA Advisory for the patch, upgrade, or suggested workaround information.