CVE-2021-43362 – This SQL injection vulnerability in MedData HBY... (How to Fix)

Q: What is the severity of CVE-2021-43362?

CVE-2021-43362 has a CVSS score of 9.9 (CRITICAL). This SQL injection vulnerability in MedData HBYS allows attackers to execute arbitrary SQL commands on the database. It affects all HBYS installations running versions before 1.1. Successful exploitation could lead to data theft, modification, or complete system compromise.

📋 TL;DR

This SQL injection vulnerability in MedData HBYS allows attackers to execute arbitrary SQL commands on the database. It affects all HBYS installations running versions before 1.1. Successful exploitation could lead to data theft, modification, or complete system compromise.

💻 Affected Systems

Products:

MedData HBYS

Versions: All versions before 1.1

Operating Systems: Unknown - likely all platforms running HBYS

Default Config Vulnerable: ⚠️ Yes

Notes: Specific vulnerable components not detailed in CVE description.

📦 What is this software?

Hbys by Meddata

View all CVEs affecting Hbys →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise allowing data exfiltration, modification, deletion, or remote code execution on the database server.

🟠

Likely Case

Unauthorized data access, privilege escalation, and potential data manipulation.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and database permissions in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection vulnerabilities are commonly exploited with automated tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1

Vendor Advisory: Not provided in CVE

Restart Required: Yes

Instructions:

1. Backup database and application. 2. Download HBYS version 1.1 from vendor. 3. Install update following vendor instructions. 4. Restart application services. 5. Verify functionality.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy WAF with SQL injection rules to block exploitation attempts.

Database Permissions

all

Restrict database user permissions to minimum required.

🧯 If You Can't Patch

Implement input validation and parameterized queries in application code.
Isolate HBYS system from internet and restrict network access.

🔍 How to Verify

Check if Vulnerable:

Check HBYS version in application interface or configuration files. If version < 1.1, system is vulnerable.

Check Version:

Check application interface or consult vendor documentation for version check method.

Verify Fix Applied:

Confirm HBYS version is 1.1 or higher after update.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts
Unexpected database errors

Network Indicators:

SQL injection patterns in HTTP requests
Unusual database connection patterns

SIEM Query:

SELECT * FROM web_logs WHERE uri CONTAINS 'UNION SELECT' OR uri CONTAINS 'OR 1=1' OR uri CONTAINS ';--'

📊 Metadata

CVE ID: CVE-2021-43362

CVSS v3 Score: 9.9 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

CWE: CWE-89

Published: November 16, 2021

Last Updated: November 21, 2024

🔗 References

https://gist.github.com/Blackh4n/9d8feaf1cfb68f66de17361e85f616d4 Third Party Advisory
https://gist.github.com/Blackh4n/9d8feaf1cfb68f66de17361e85f616d4 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-43362, you might also want to check these: