Cyrus SASL SQL injection | CVE-2022-24407
NAME
Cyrus SASL SQL injection
- Platforms Affected:
  Cyrus SASL 2.1.17
  Cyrus SASL 2.1.27
  Cyrus SASL 2.1.26
  Cyrus SASL 2.1.25
  Cyrus SASL 2.1.24
  Cyrus SASL 2.1.23
  Cyrus SASL 2.1.22
  Cyrus SASL 2.1.21
  Cyrus SASL 2.1.20
  Cyrus SASL 2.1.19
  Cyrus SASL 2.1.18
- Risk Level: 8.8
- Exploitability: High
- Consequences: Data Manipulation
DESCRIPTION
Cyrus SASL is vulnerable to SQL injection. A remote authenticated attacker could send specially crafted SQL statements to view, add, modify or delete information in the back-end database.
CVSS 3.0 Information
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Upgrade to the latest version of Cyrus SASL (2.1.28 or later), available from the Cyrus IMAP Web site. See References.
- Reference Link: https://www.cyrusimap.org/sasl/
- Reference Link: https://www.suse.com/security/cve/CVE-2022-24407.html