CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-37599

The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execute code in some situations) via the txtPassword parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.081

EPSS Ranking 91.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://slazarus.xyz/winscribe.html
https://www.nuance.com/dragon/business-solutions/winscribe-dictation-workflow.html
https://slazarus.xyz/winscribe.html
https://www.nuance.com/dragon/business-solutions/winscribe-dictation-workflow.html

Products affected by CVE-2021-37599

Nuance » Winscribe Dictation » Version: 4.1.0.99

cpe:2.3:a:nuance:winscribe_dictation:4.1.0.99

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-37599

Products

Pricing

Contact Us