September 21, 2023

SonicWall addressed a critical SQL injection vulnerability, tracked as  CVE-2022-22280 with CVSS score 9.4, in Analytics On-Prem and Global Management System (GMS) products.

Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS and Analytics On-Prem. – Sonicwall statement

SonicWall researchers pointed out that the likelihood of exploitation may be significantly reduced by incorporating Web Application Firewall that could detect and block SQLi attacks.

Advertisements

The vulnerability was discovered by H4lo & Catalpa of Hatlab DBappSecurity.

SonicWall said it was not aware of active exploitation in the wild or the public release of PoC exploit code targeting the bug.

Organizations using the affected GMS version to apply the patches immediately.

Tags:

Leave a Reply

You may have missed

Atlassian BitBucket and Confluence Vulnerabilities

September 21, 2023

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023

Trend Micro Endpoint Vulnerability – CVE-2023-41179

September 20, 2023

GitLab Addresses Critical Vulnerability -CVE-2023-4998

September 20, 2023

Crowdstrike New Offerings and Bionic.ai Acquisition

September 20, 2023
%d bloggers like this: