A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for other accounts allowing escalation of privileges.

References

bugzilla.redhat.com/show_bug.cgi?id=2055326

nvd.nist.gov/vuln/detail/CVE-2022-24407

www.cve.org/CVERecord?id=CVE-2022-24407

www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28

nessus 66

ubuntucve 1

osv 7

redhat 31

debiancve 1

amazon 2

openvas 33

oraclelinux 3

veracode 1

fedora 3

debian 2

ubuntu 2

cloudfoundry 1

ibm 6

suse 1

f5 1

redos 1

alpinelinux 1

centos 1

gitlab 1

rocky 1

mageia 2

cbl_mariner 2

prion 1

almalinux 1

cloudlinux 1

cve 1

freebsd 2

slackware 1

photon 6

oracle 3

ics 1

nessus

RHEL 7 : cyrus-sasl (RHSA-2022:0666)

2022-02-25 00:00:00

EulerOS Virtualization 2.10.1 : cyrus-sasl (EulerOS-SA-2022-2049)

2022-07-14 00:00:00

EulerOS Virtualization 3.0.6.0 : cyrus-sasl (EulerOS-SA-2022-2552)

2022-10-10 00:00:00

ubuntucve

CVE-2022-24407

2022-02-22 00:00:00

osv

Important: cyrus-sasl security update

2022-02-23 13:33:12

cyrus-sasl2 vulnerability

2022-02-22 18:29:27

CVE-2022-24407

2022-02-24 15:15:29

redhat

(RHSA-2022:0668) Important: cyrus-sasl security update

2022-02-24 09:24:22

(RHSA-2022:0666) Important: cyrus-sasl security update

2022-02-24 09:24:18

(RHSA-2022:0658) Important: cyrus-sasl security update

2022-02-23 13:33:12

debiancve

CVE-2022-24407

2022-02-24 15:15:00

amazon

Important: cyrus-sasl

2022-03-10 00:54:00

Important: cyrus-sasl

2022-03-07 23:29:00

openvas

SUSE: Security Advisory (SUSE-SU-2022:0702-1)

2022-03-04 00:00:00

Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2022-2021)

2022-07-14 00:00:00

Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2022-2492)

2022-10-10 00:00:00

oraclelinux

cyrus-sasl security update

2022-02-24 00:00:00

cyrus-sasl security update

2022-03-21 00:00:00

cyrus-sasl security update

2022-02-24 00:00:00

veracode

Remote Code Execution (RCE)

2022-03-12 00:42:04

fedora

[SECURITY] Fedora 35 Update: cyrus-sasl-2.1.27-14.fc35

2022-03-08 21:23:02

[SECURITY] Fedora 34 Update: cyrus-sasl-2.1.27-9.fc34

2022-03-09 19:16:13

[SECURITY] Fedora 36 Update: cyrus-sasl-2.1.27-18.fc36

2022-03-26 15:32:19

debian

[SECURITY] [DLA 2931-1] cyrus-sasl2 security update

2022-03-06 17:15:21

[SECURITY] [DSA 5087-1] cyrus-sasl2 security update

2022-02-25 22:25:06

ubuntu

Cyrus SASL vulnerability

2022-02-22 00:00:00

Cyrus SASL vulnerability

2022-02-22 00:00:00

cloudfoundry

USN-5301-1: Cyrus SASL vulnerability | Cloud Foundry

2022-04-21 00:00:00

ibm

Security Bulletin: A Cyrus SASL vulnerability affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-24407)

2023-01-12 21:59:00

Security Bulletin: IBM QRadar Network Security is affected by Vulnerability in Cyrus SASL.(CVE-2022-24407)

2022-07-07 10:40:11

Security Bulletin: Security Vulnerabilities have been fixed in IBM Security Access Manager appliance (CVE-2022-24407, CVE-2020-25709, CVE-2020-25710)

2022-07-20 19:35:53

suse

Security update for cyrus-sasl (important)

2022-03-08 00:00:00

K82896488 : Cyrus SASL vulnerability CVE-2022-24407

2022-05-18 00:00:00

redos

ROS-20220309-01

2022-03-09 00:00:00

alpinelinux

CVE-2022-24407

2022-02-24 15:15:00

centos

cyrus security update

2022-02-25 15:31:36

gitlab

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

2022-02-24 00:00:00

rocky

cyrus-sasl security update

2022-02-23 13:33:12

mageia

Updated cyrus-sasl packages fix security vulnerability

2022-03-23 11:36:28

Updated mysql-connector-c++ packages fix security vulnerability

2023-03-19 01:16:28

cbl_mariner

CVE-2022-24407 affecting package cyrus-sasl 2.1.27-10

2022-04-09 06:51:52

CVE-2022-24407 affecting package cyrus-sasl 2.1.27-4

2022-03-19 16:40:52

prion

Default credentials

2022-02-24 15:15:00

almalinux

Important: cyrus-sasl security update

2022-02-23 13:33:12

cloudlinux

Fix of CVE: CVE-2022-24407

2022-02-28 15:06:37

cve

CVE-2022-24407

2022-02-24 15:15:00

freebsd

cyrus-sasl -- Escape password for SQL insert/update commands

2022-02-04 00:00:00

MySQL -- Multiple vulnerabilities

2023-01-20 00:00:00

slackware

[slackware-security] cyrus-sasl

2022-02-25 00:10:10

photon

Important Photon OS Security Update - PHSA-2022-0368

2022-03-04 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0368

2022-03-08 00:00:00

Important Photon OS Security Update - PHSA-2022-0477

2022-03-04 00:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.7%

JSON

Related for RH:CVE-2022-24407