It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL
input. A remote attacker could use this issue to execute arbitrary SQL
commands.

References

ubuntu.com/security/CVE-2022-24407

ubuntu.com/security/notices/USN-5301-1

oraclelinux 3

veracode 1

nessus 66

osv 6

amazon 2

redhat 31

ubuntu 2

ibm 6

cloudfoundry 1

debian 2

fedora 3

openvas 33

ubuntucve 1

debiancve 1

redhatcve 1

suse 1

f5 1

redos 1

alpinelinux 1

centos 1

rocky 1

mageia 2

gitlab 1

cbl_mariner 2

prion 1

freebsd 2

almalinux 1

cve 1

cloudlinux 1

slackware 1

photon 6

oracle 3

ics 1

oraclelinux

cyrus-sasl security update

2022-02-24 00:00:00

cyrus-sasl security update

2022-03-21 00:00:00

cyrus-sasl security update

2022-02-24 00:00:00

veracode

Remote Code Execution (RCE)

2022-03-12 00:42:04

nessus

Oracle Linux 8 : cyrus-sasl (ELSA-2022-0658)

2022-02-24 00:00:00

EulerOS 2.0 SP10 : cyrus-sasl (EulerOS-SA-2022-1785)

2022-06-06 00:00:00

Ubuntu 16.04 ESM : Cyrus SASL vulnerability (USN-5301-2)

2022-02-23 00:00:00

osv

cyrus-sasl2 vulnerability

2022-02-22 21:37:43

Important: cyrus-sasl security update

2022-02-23 13:33:12

CVE-2022-24407

2022-02-24 15:15:29

amazon

Important: cyrus-sasl

2022-03-07 23:29:00

Important: cyrus-sasl

2022-03-10 00:54:00

redhat

(RHSA-2022:0780) Important: cyrus-sasl security update

2022-03-08 15:41:00

(RHSA-2022:0668) Important: cyrus-sasl security update

2022-02-24 09:24:22

(RHSA-2022:0666) Important: cyrus-sasl security update

2022-02-24 09:24:18

ubuntu

Cyrus SASL vulnerability

2022-02-22 00:00:00

Cyrus SASL vulnerability

2022-02-22 00:00:00

ibm

Security Bulletin: A Cyrus SASL vulnerability affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-24407)

2023-01-12 21:59:00

Security Bulletin: IBM QRadar Network Security is affected by Vulnerability in Cyrus SASL.(CVE-2022-24407)

2022-07-07 10:40:11

Security Bulletin: Security Vulnerabilities have been fixed in IBM Security Access Manager appliance (CVE-2022-24407, CVE-2020-25709, CVE-2020-25710)

2022-07-20 19:35:53

cloudfoundry

USN-5301-1: Cyrus SASL vulnerability | Cloud Foundry

2022-04-21 00:00:00

debian

[SECURITY] [DLA 2931-1] cyrus-sasl2 security update

2022-03-06 17:15:21

[SECURITY] [DSA 5087-1] cyrus-sasl2 security update

2022-02-25 22:25:06

fedora

[SECURITY] Fedora 35 Update: cyrus-sasl-2.1.27-14.fc35

2022-03-08 21:23:02

[SECURITY] Fedora 36 Update: cyrus-sasl-2.1.27-18.fc36

2022-03-26 15:32:19

[SECURITY] Fedora 34 Update: cyrus-sasl-2.1.27-9.fc34

2022-03-09 19:16:13

openvas

Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2022-1835)

2022-06-16 00:00:00

Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2022-1712)

2022-05-25 00:00:00

openSUSE: Security Advisory for cyrus-sasl (openSUSE-SU-2022:0743-1)

2022-03-23 00:00:00

ubuntucve

CVE-2022-24407

2022-02-22 00:00:00

debiancve

CVE-2022-24407

2022-02-24 15:15:00

redhatcve

CVE-2022-24407

2022-02-23 09:22:54

suse

Security update for cyrus-sasl (important)

2022-03-08 00:00:00

K82896488 : Cyrus SASL vulnerability CVE-2022-24407

2022-05-18 00:00:00

redos

ROS-20220309-01

2022-03-09 00:00:00

alpinelinux

CVE-2022-24407

2022-02-24 15:15:00

centos

cyrus security update

2022-02-25 15:31:36

rocky

cyrus-sasl security update

2022-02-23 13:33:12

mageia

Updated cyrus-sasl packages fix security vulnerability

2022-03-23 11:36:28

Updated mysql-connector-c++ packages fix security vulnerability

2023-03-19 01:16:28

gitlab

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

2022-02-24 00:00:00

cbl_mariner

CVE-2022-24407 affecting package cyrus-sasl 2.1.27-4

2022-03-19 16:40:52

CVE-2022-24407 affecting package cyrus-sasl 2.1.27-10

2022-04-09 06:51:52

prion

Default credentials

2022-02-24 15:15:00

freebsd

cyrus-sasl -- Escape password for SQL insert/update commands

2022-02-04 00:00:00

MySQL -- Multiple vulnerabilities

2023-01-20 00:00:00

almalinux

Important: cyrus-sasl security update

2022-02-23 13:33:12

cve

CVE-2022-24407

2022-02-24 15:15:00

cloudlinux

Fix of CVE: CVE-2022-24407

2022-02-28 15:06:37

slackware

[slackware-security] cyrus-sasl

2022-02-25 00:10:10

photon

Important Photon OS Security Update - PHSA-2022-0368

2022-03-04 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0368

2022-03-08 00:00:00

Important Photon OS Security Update - PHSA-2022-0477

2022-03-04 00:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.8%

JSON

Related for OSV:USN-5301-1