CVE-2021-43361 | Improper Neutralization of Special Elements used in an SQL C… | CVSS 9.9 CRITICAL

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection.This issue affects HBYS: from unspecified before 1.1.

Metadata

CVE ID: CVE-2021-43361
State: PUBLISHED
Assigner: TR-CERT
Reserved: 2021-11-04 00:00 UTC
Published: 2022-09-29 01:50 UTC
Last updated: 2025-05-20 19:39 UTC
Primary CWE: CWE-89
CWE-89 Improper Neutralization of Special Elements used in a…
Vendor / Product: MedData / HBYS
Sources: cve.org · NVD

Severity & Metrics

9.9 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
MedData	HBYS	—	unspecified < 1.1

Weakness (CWE)

CWE	Source	Description
CWE-89	cna	CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.9	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

References (1)

https://github.com/bartutku/CVE-2021-43361/blob/main/CVE-2021-43361.txt