Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22280

Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.

Published

2022-07-29T21:15:09.470

Last Modified

2024-11-21T06:46:33.137

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-89
Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sonicwall	analytics	≤ 2.5.0.3-2520	Yes
Application	sonicwall	global_management_system	< 9.3.1	Yes
Application	sonicwall	global_management_system	9.3.1	Yes

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007 Vendor Advisory ([email protected])
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)