Lucene search
HistoryMay 04, 2023 - 11:15 a.m.
CVE-2022-4259
cve-2022-4259
nozomi networks
sql injection
input validation
alerts controller
cmc
authenticated attacker
dbms
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
34.0%
Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.
Affected configurations
Node
nozominetworkscmcRange<22.5.2
ORnozominetworksguardianRange<22.5.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nozominetworks | cmc | * | cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:* |
| nozominetworks | guardian | * | cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:* |
References
Related
cve
cve
CVE-2022-4259
2023-05-04 11:15:08
vulnrichment
vulnrichment
cvelist
cvelist
prion
prion
Sql injection
2023-05-04 11:15:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
34.0%
Related for NVD:CVE-2022-4259