Lucene search
HistoryJul 29, 2022 - 9:15 p.m.
CVE-2022-22280
vulnerability
sql injection
sonicwall gms
analytics on-prem
cve-2022-22280
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
50.2%
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.
Affected configurations
Node
sonicwallanalyticsRange≤2.5.0.3-2520on-prem
ORsonicwallglobal_management_systemRange<9.3.1
ORsonicwallglobal_management_systemMatch9.3.1-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sonicwall | analytics | * | cpe:2.3:a:sonicwall:analytics:*:*:*:*:on-prem:*:*:* |
| sonicwall | global_management_system | * | cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:* |
| sonicwall | global_management_system | 9.3.1 | cpe:2.3:a:sonicwall:global_management_system:9.3.1:-:*:*:*:*:*:* |
Related
prion
prion
Sql injection
2022-07-29 21:15:00
thn
thn
malwarebytes
malwarebytes
SonicWall urges customers to patch critical SQL injection bug ASAP
2022-07-26 15:57:20
cvelist
cvelist
CVE-2022-22280
2022-07-29 21:05:12
cve
cve
CVE-2022-22280
2022-07-29 21:15:09
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
50.2%
Related for NVD:CVE-2022-22280