Sql injection

2021-06-2512:15:00

PRIOn knowledge base

www.prio-n.com

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.9%

JSON

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.

CPENameOperatorVersion
deceptionlt9.3.7
deceptioneq9.4
networklt9.3.7
networkeq9.4

Name	Operator	Version
deception	lt	9.3.7
deception	eq	9.4
network	lt	9.3.7
network	eq	9.4

References

support.fidelissecurity.com/hc/en-us/categories/360001842694-Advisories-News-and-Policies

www.securifera.com/blog/2021/06/24/operation-eagle-eye/