A vulnerability in the cyrus-sasl authentication mechanism implementation is related to insufficient password cleansing in the
SQL plug-in provided with Cyrus SASL. Exploitation of the vulnerability could allow an attacker,
acting remotely, send a specially crafted query to a vulnerable application and execute
arbitrary SQL commands on the application database

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64cyrus-sasl<= 2.1.27-5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
redos	7.3	x86_64	cyrus-sasl	<= 2.1.27-5	UNKNOWN

oraclelinux 3

veracode 1

nessus 66

debian 2

osv 7

openvas 33

ibm 6

ubuntu 2

cloudfoundry 1

redhat 31

fedora 3

amazon 2

ubuntucve 1

debiancve 1

redhatcve 1

cbl_mariner 2

gitlab 1

rocky 1

mageia 2

suse 1

f5 1

alpinelinux 1

centos 1

prion 1

almalinux 1

cloudlinux 1

freebsd 2

cve 1

slackware 1

photon 6

oracle 3

ics 1

oraclelinux

cyrus-sasl security update

2022-02-24 00:00:00

cyrus-sasl security update

2022-02-24 00:00:00

cyrus-sasl security update

2022-03-21 00:00:00

veracode

Remote Code Execution (RCE)

2022-03-12 00:42:04

nessus

Ubuntu 16.04 ESM : Cyrus SASL vulnerability (USN-5301-2)

2022-02-23 00:00:00

Oracle Linux 8 : cyrus-sasl (ELSA-2022-0658)

2022-02-24 00:00:00

EulerOS 2.0 SP10 : cyrus-sasl (EulerOS-SA-2022-1785)

2022-06-06 00:00:00

debian

[SECURITY] [DLA 2931-1] cyrus-sasl2 security update

2022-03-06 17:15:21

[SECURITY] [DSA 5087-1] cyrus-sasl2 security update

2022-02-25 22:25:06

osv

cyrus-sasl2 vulnerability

2022-02-22 21:37:43

Important: cyrus-sasl security update

2022-02-23 13:33:12

cyrus-sasl2 vulnerability

2022-02-22 18:29:27

openvas

Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2022-1835)

2022-06-16 00:00:00

Huawei EulerOS: Security Advisory for cyrus-sasl (EulerOS-SA-2022-1712)

2022-05-25 00:00:00

Fedora: Security Advisory for cyrus-sasl (FEDORA-2022-e33e824d37)

2022-03-27 00:00:00

ibm

Security Bulletin: A Cyrus SASL vulnerability affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-24407)

2023-01-12 21:59:00

Security Bulletin: IBM QRadar Network Security is affected by Vulnerability in Cyrus SASL.(CVE-2022-24407)

2022-07-07 10:40:11

Security Bulletin: Security Vulnerabilities have been fixed in IBM Security Access Manager appliance (CVE-2022-24407, CVE-2020-25709, CVE-2020-25710)

2022-07-20 19:35:53

ubuntu

Cyrus SASL vulnerability

2022-02-22 00:00:00

Cyrus SASL vulnerability

2022-02-22 00:00:00

cloudfoundry

USN-5301-1: Cyrus SASL vulnerability | Cloud Foundry

2022-04-21 00:00:00

redhat

(RHSA-2022:0780) Important: cyrus-sasl security update

2022-03-08 15:41:00

(RHSA-2022:0668) Important: cyrus-sasl security update

2022-02-24 09:24:22

(RHSA-2022:0666) Important: cyrus-sasl security update

2022-02-24 09:24:18

fedora

[SECURITY] Fedora 35 Update: cyrus-sasl-2.1.27-14.fc35

2022-03-08 21:23:02

[SECURITY] Fedora 36 Update: cyrus-sasl-2.1.27-18.fc36

2022-03-26 15:32:19

[SECURITY] Fedora 34 Update: cyrus-sasl-2.1.27-9.fc34

2022-03-09 19:16:13

amazon

Important: cyrus-sasl

2022-03-07 23:29:00

Important: cyrus-sasl

2022-03-10 00:54:00

ubuntucve

CVE-2022-24407

2022-02-22 00:00:00

debiancve

CVE-2022-24407

2022-02-24 15:15:00

redhatcve

CVE-2022-24407

2022-02-23 09:22:54

cbl_mariner

CVE-2022-24407 affecting package cyrus-sasl 2.1.27-10

2022-04-09 06:51:52

CVE-2022-24407 affecting package cyrus-sasl 2.1.27-4

2022-03-19 16:40:52

gitlab

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

2022-02-24 00:00:00

rocky

cyrus-sasl security update

2022-02-23 13:33:12

mageia

Updated cyrus-sasl packages fix security vulnerability

2022-03-23 11:36:28

Updated mysql-connector-c++ packages fix security vulnerability

2023-03-19 01:16:28

suse

Security update for cyrus-sasl (important)

2022-03-08 00:00:00

K82896488 : Cyrus SASL vulnerability CVE-2022-24407

2022-05-18 00:00:00

alpinelinux

CVE-2022-24407

2022-02-24 15:15:00

centos

cyrus security update

2022-02-25 15:31:36

prion

Default credentials

2022-02-24 15:15:00

almalinux

Important: cyrus-sasl security update

2022-02-23 13:33:12

cloudlinux

Fix of CVE: CVE-2022-24407

2022-02-28 15:06:37

freebsd

cyrus-sasl -- Escape password for SQL insert/update commands

2022-02-04 00:00:00

MySQL -- Multiple vulnerabilities

2023-01-20 00:00:00

cve

CVE-2022-24407

2022-02-24 15:15:00

slackware

[slackware-security] cyrus-sasl

2022-02-25 00:10:10

photon

Important Photon OS Security Update - PHSA-2022-0368

2022-03-04 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0368

2022-03-08 00:00:00

Important Photon OS Security Update - PHSA-2022-0477

2022-03-04 00:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.8%

JSON

Related for ROS-20220309-01