A vulnerability in the cyrus-sasl authentication mechanism implementation is related to insufficient password cleansing in the
SQL plug-in provided with Cyrus SASL. Exploitation of the vulnerability could allow an attacker,
acting remotely, send a specially crafted query to a vulnerable application and execute
arbitrary SQL commands on the application database

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64cyrus-sasl<= 2.1.27-5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
redos	7.3	x86_64	cyrus-sasl	<= 2.1.27-5	UNKNOWN

osv 7

redhatcve 1

debiancve 1

redhat 31

amazon 2

nessus 66

ubuntucve 1

openvas 33

gitlab 1

mageia 2

cbl_mariner 2

fedora 3

rocky 1

oraclelinux 3

centos 1

suse 1

cvelist 1

nvd 1

f5 1

alpinelinux 1

freebsd 2

cloudlinux 1

debian 2

ibm 6

almalinux 1

prion 1

cve 1

cloudfoundry 1

veracode 1

ubuntu 2

slackware 1

photon 6

oracle 3

ics 1

osv

CVE-2022-24407

2022-02-24 15:15:29

Important: cyrus-sasl security update

2022-02-23 13:33:12

cyrus-sasl2 vulnerability

2022-02-22 18:29:27

redhatcve

CVE-2022-24407

2022-02-23 09:22:54

debiancve

CVE-2022-24407

2022-02-24 15:15:29

redhat

(RHSA-2022:0658) Important: cyrus-sasl security update

2022-02-23 13:33:12

(RHSA-2022:0668) Important: cyrus-sasl security update

2022-02-24 09:24:22

(RHSA-2022:0666) Important: cyrus-sasl security update

2022-02-24 09:24:18

amazon

Important: cyrus-sasl

2022-03-10 00:54:00

Important: cyrus-sasl

2022-03-07 23:29:00

nessus

EulerOS 2.0 SP8 : cyrus-sasl (EulerOS-SA-2022-1560)

2022-04-25 00:00:00

NewStart CGSL MAIN 6.02 : cyrus-sasl Vulnerability (NS-SA-2022-0088)

2022-11-15 00:00:00

Ubuntu 18.04 LTS / 20.04 LTS : Cyrus SASL vulnerability (USN-5301-1)

2022-02-22 00:00:00

ubuntucve

CVE-2022-24407

2022-02-22 00:00:00

openvas

Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2022-2021)

2022-07-14 00:00:00

Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2022-2492)

2022-10-10 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0702-1)

2022-03-04 00:00:00

gitlab

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

2022-02-24 00:00:00

mageia

Updated cyrus-sasl packages fix security vulnerability

2022-03-23 11:36:28

Updated mysql-connector-c++ packages fix security vulnerability

2023-03-19 01:16:28

cbl_mariner

CVE-2022-24407 affecting package cyrus-sasl 2.1.27-4

2022-03-19 16:40:52

CVE-2022-24407 affecting package cyrus-sasl for versions less than 2.1.28-1

2022-04-09 06:51:52

fedora

[SECURITY] Fedora 34 Update: cyrus-sasl-2.1.27-9.fc34

2022-03-09 19:16:13

[SECURITY] Fedora 36 Update: cyrus-sasl-2.1.27-18.fc36

2022-03-26 15:32:19

[SECURITY] Fedora 35 Update: cyrus-sasl-2.1.27-14.fc35

2022-03-08 21:23:02

rocky

cyrus-sasl security update

2022-02-23 13:33:12

oraclelinux

cyrus-sasl security update

2022-02-24 00:00:00

cyrus-sasl security update

2022-03-21 00:00:00

cyrus-sasl security update

2022-02-24 00:00:00

centos

cyrus security update

2022-02-25 15:31:36

suse

Security update for cyrus-sasl (important)

2022-03-08 00:00:00

cvelist

CVE-2022-24407

2022-02-23 00:00:00

nvd

CVE-2022-24407

2022-02-24 15:15:29

K82896488 : Cyrus SASL vulnerability CVE-2022-24407

2022-05-18 00:00:00

alpinelinux

CVE-2022-24407

2022-02-24 15:15:29

freebsd

cyrus-sasl -- Escape password for SQL insert/update commands

2022-02-04 00:00:00

MySQL -- Multiple vulnerabilities

2023-01-20 00:00:00

cloudlinux

Fix of CVE: CVE-2022-24407

2022-02-28 15:06:37

debian

[SECURITY] [DSA 5087-1] cyrus-sasl2 security update

2022-02-25 22:25:06

[SECURITY] [DLA 2931-1] cyrus-sasl2 security update

2022-03-06 17:15:21

ibm

Security Bulletin: IBM QRadar Network Security is affected by Vulnerability in Cyrus SASL.(CVE-2022-24407)

2022-07-07 10:40:11

Security Bulletin: A Cyrus SASL vulnerability affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-24407)

2023-01-12 21:59:00

Security Bulletin: Security Vulnerabilities have been fixed in IBM Security Access Manager appliance (CVE-2022-24407, CVE-2020-25709, CVE-2020-25710)

2022-07-20 19:35:53

almalinux

Important: cyrus-sasl security update

2022-02-23 13:33:12

prion

Default credentials

2022-02-24 15:15:00

cve

CVE-2022-24407

2022-02-24 15:15:29

cloudfoundry

USN-5301-1: Cyrus SASL vulnerability | Cloud Foundry

2022-04-21 00:00:00

veracode

Remote Code Execution (RCE)

2022-03-12 00:42:04

ubuntu

Cyrus SASL vulnerability

2022-02-22 00:00:00

Cyrus SASL vulnerability

2022-02-22 00:00:00

slackware

[slackware-security] cyrus-sasl

2022-02-25 00:10:10

photon

Important Photon OS Security Update - PHSA-2022-0368

2022-03-04 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0368

2022-03-08 00:00:00

Important Photon OS Security Update - PHSA-2022-0477

2022-03-04 00:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.2%

JSON

Related for ROS-20220309-01