CVE-2022-22280
Published 2022-07-29
CVE-2022-22280: Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS…
Priority: P264 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 9.26% (94.7th percentile)
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | analytics | <= 2.5.0.3-2520 | — |
| sonicwall | global_management_system | < 9.3.1 | 9.3.1 |
| sonicwall | global_management_system | — | — |
| sonicwall | gms | — | — |
| sonicwall | sonicwall_analytics_on-prem | — | — |
| sonicwall | sonicwall_gms | — | — |
Detection & IOCs (extracted from sources)
- CVE-2022-22280 is an unauthenticated SQL injection vulnerability in SonicWall GMS and Analytics On-Prem; monitor for unsanitized SQL special elements in requests to these products
- Vulnerable versions are SonicWall GMS up to and including 9.3.1-SP2-Hotfix1 and Analytics On-Prem up to and including 2.5.0.3-2520; patched versions are GMS 9.3.1-SP2-Hotfix-2 or later and Analytics 2.5.0.3-Hotfix-1 or later
GHSA
GHSA-r8qm-cxjj-8wpg: Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9
ghsa_unreviewed·2022-07-30
CVE-2022-22280 [CRITICAL] CWE-89 GHSA-r8qm-cxjj-8wpg: Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9
SonicWall
CVE-2022-22280: Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3
vendor_sonicwall·2022-07-29·CVSS 9.8
CVE-2022-22280 [CRITICAL] CWE-89 CVE-2022-22280: Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3
No detection rules found.
No public exploits indexed.
2022-07-29: Published