Search This Blog

SonicWall: Patch Critical SQL Injection Flaw Immediately

The vulnerability was discovered by H4lo & Catalpa of Hatlab DBappSecurity.

 

SonicWall, a security firm, issued patches to fix a severe SQL injection (SQLi) vulnerability in its Analytics On-Prem and Global Management System (GMS) products. 

SonicWall patched a significant SQL injection (SQLi) vulnerability in its Analytics On-Prem and Global Management System (GMS) products, identified as CVE-2022-22280 (CVSS score 9.4). 

“Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS and Analytics On-Prem.” reads the advisory published by the company. 

According to SonicWall experts, adding a Web Application Firewall that can identify and stop SQLi assaults can considerably lower the risk of exploitation. Hatlab DBappSecurity's H4lo and Catalpa identified the issue. The following is a list of fixed software: 
Product  and Fixed Version 
  • GMS: 9.3.1-SP2-Hotfix-2 
  • Analytics: 2.5.0.3-2520-Hotfix1 
Organizations are advised to upgrade to the above version as soon as possible. 

“There is no workaround available for this vulnerability,” SonicWall said. “However, the likelihood of exploitation may be significantly reduced by incorporating a Web Application Firewall (WAF) to block SQLi attempts.”
Share it:

Bugs

Flaws

Software

SQL Injection

Version

Vulnerabilities and Exploits