cvelistv5 - cve-2022-22280

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:07:50.162Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SonicWall GMS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "9.3.1-SP2-Hotfix1 and earlier"
            }
          ]
        },
        {
          "product": "SonicWall Analytics On-Prem",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.0.3-2520 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-29T21:05:12",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT@sonicwall.com",
          "ID": "CVE-2022-22280",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SonicWall GMS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.3.1-SP2-Hotfix1 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SonicWall Analytics On-Prem",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.5.0.3-2520 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SonicWall"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2022-22280",
    "datePublished": "2022-07-29T21:05:12",
    "dateReserved": "2021-12-29T00:00:00",
    "dateUpdated": "2024-08-03T03:07:50.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sonicwall:analytics:*:*:*:*:on-prem:*:*:*\", \"versionEndIncluding\": \"2.5.0.3-2520\", \"matchCriteriaId\": \"C7FFD1D8-11E9-4208-840E-33090DF70E75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.3.1\", \"matchCriteriaId\": \"B04B0EA0-DE37-495D-9417-8FAF48F1A064\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sonicwall:global_management_system:9.3.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"215C71C7-2CA8-4017-AF17-995002FF3100\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.\"}, {\"lang\": \"es\", \"value\": \"Una Neutralizaci\\u00f3n Inadecuada de Elementos Especiales usados en un Comando SQL conllevando a una vulnerabilidad de inyecci\\u00f3n SQL no autenticada, que afecta a SonicWall GMS versi\\u00f3n 9.3.1-SP2-Hotfix1, Analytics On-Prem versiones 2.5.0.3-2520 y anteriores\"}]",
      "id": "CVE-2022-22280",
      "lastModified": "2024-11-21T06:46:33.137",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2022-07-29T21:15:09.470",
      "references": "[{\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007\", \"source\": \"PSIRT@sonicwall.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "PSIRT@sonicwall.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"PSIRT@sonicwall.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-22280\",\"sourceIdentifier\":\"PSIRT@sonicwall.com\",\"published\":\"2022-07-29T21:15:09.470\",\"lastModified\":\"2024-11-21T06:46:33.137\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.\"},{\"lang\":\"es\",\"value\":\"Una Neutralizaci\u00f3n Inadecuada de Elementos Especiales usados en un Comando SQL conllevando a una vulnerabilidad de inyecci\u00f3n SQL no autenticada, que afecta a SonicWall GMS versi\u00f3n 9.3.1-SP2-Hotfix1, Analytics On-Prem versiones 2.5.0.3-2520 y anteriores\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"PSIRT@sonicwall.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:analytics:*:*:*:*:on-prem:*:*:*\",\"versionEndIncluding\":\"2.5.0.3-2520\",\"matchCriteriaId\":\"C7FFD1D8-11E9-4208-840E-33090DF70E75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.3.1\",\"matchCriteriaId\":\"B04B0EA0-DE37-495D-9417-8FAF48F1A064\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:global_management_system:9.3.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"215C71C7-2CA8-4017-AF17-995002FF3100\"}]}]}],\"references\":[{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007\",\"source\":\"PSIRT@sonicwall.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2022-22280

Vulnerability from fkie_nvd - Published: 2022-07-29 21:15 - Updated: 2024-11-21 06:46

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	PSIRT@sonicwall.com	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007	Vendor Advisory

Impacted products

Vendor	Product	Version
sonicwall	analytics	*
sonicwall	global_management_system	*
sonicwall	global_management_system	9.3.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:on-prem:*:*:*",
              "matchCriteriaId": "C7FFD1D8-11E9-4208-840E-33090DF70E75",
              "versionEndIncluding": "2.5.0.3-2520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B04B0EA0-DE37-495D-9417-8FAF48F1A064",
              "versionEndExcluding": "9.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "215C71C7-2CA8-4017-AF17-995002FF3100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions."
    },
    {
      "lang": "es",
      "value": "Una Neutralizaci\u00f3n Inadecuada de Elementos Especiales usados en un Comando SQL conllevando a una vulnerabilidad de inyecci\u00f3n SQL no autenticada, que afecta a SonicWall GMS versi\u00f3n 9.3.1-SP2-Hotfix1, Analytics On-Prem versiones 2.5.0.3-2520 y anteriores"
    }
  ],
  "id": "CVE-2022-22280",
  "lastModified": "2024-11-21T06:46:33.137",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-29T21:15:09.470",
  "references": [
    {
      "source": "PSIRT@sonicwall.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007"
    }
  ],
  "sourceIdentifier": "PSIRT@sonicwall.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "PSIRT@sonicwall.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2022-AVI-672

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans les produits d'administration SonicWall GMS et Analytics. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Sonicwall	N/A	SonicWall GMS versions antérieures à 9.3.1-SP2-Hotfix-2
	Sonicwall	N/A	SonicWall Analytics versions antérieures à 2.5.0.3-2520-Hotfix1

References

Title

Publication Time

Tags

Bulletin de sécurité SonicWall SNWLID-2022-0007 du 21 juillet 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SonicWall GMS versions ant\u00e9rieures \u00e0 9.3.1-SP2-Hotfix-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicWall Analytics versions ant\u00e9rieures \u00e0 2.5.0.3-2520-Hotfix1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22280"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-672",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits d\u0027administration\nSonicWall GMS et Analytics. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits SonicWall",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2022-0007 du 21 juillet 2022",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007"
    }
  ]
}

CERTFR-2022-AVI-672

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans les produits d'administration SonicWall GMS et Analytics. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Sonicwall	N/A	SonicWall GMS versions antérieures à 9.3.1-SP2-Hotfix-2
	Sonicwall	N/A	SonicWall Analytics versions antérieures à 2.5.0.3-2520-Hotfix1

References

Title

Publication Time

Tags

Bulletin de sécurité SonicWall SNWLID-2022-0007 du 21 juillet 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SonicWall GMS versions ant\u00e9rieures \u00e0 9.3.1-SP2-Hotfix-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicWall Analytics versions ant\u00e9rieures \u00e0 2.5.0.3-2520-Hotfix1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22280"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-672",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits d\u0027administration\nSonicWall GMS et Analytics. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits SonicWall",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2022-0007 du 21 juillet 2022",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007"
    }
  ]
}

GSD-2022-22280

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-22280

Aliases

CVE-2022-22280

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-22280",
    "description": "Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.",
    "id": "GSD-2022-22280"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-22280"
      ],
      "details": "Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.",
      "id": "GSD-2022-22280",
      "modified": "2023-12-13T01:19:28.793620Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT@sonicwall.com",
        "ID": "CVE-2022-22280",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SonicWall GMS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "9.3.1-SP2-Hotfix1 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SonicWall Analytics On-Prem",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.5.0.3-2520 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SonicWall"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007",
            "refsource": "CONFIRM",
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:9.3.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:on-prem:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5.0.3-2520",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT@sonicwall.com",
          "ID": "CVE-2022-22280"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-08-08T16:49Z",
      "publishedDate": "2022-07-29T21:15Z"
    }
  }
}

VAR-202207-1703

Vulnerability from variot - Updated: 2023-12-18 13:36

Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. SonicWALL of Analytics and Global Management System for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SonicWALL Analytics is a high-performance management and reporting engine for networks from SonicWALL in the United States. SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a proof of concept (PoC) have been made public, and malicious use of this vulnerability has not been reported to SonicWall

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202207-1703",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "2.5.0.3-2520"
      },
      {
        "model": "global management system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "9.3.1"
      },
      {
        "model": "global management system",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "9.3.1"
      },
      {
        "model": "global management system",
        "scope": null,
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": null
      },
      {
        "model": "analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014196"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22280"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:9.3.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:on-prem:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5.0.3-2520",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22280"
      }
    ]
  },
  "cve": "CVE-2022-22280",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-22280",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-22280",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202207-2292",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014196"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22280"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2292"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. SonicWALL of Analytics and Global Management System for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SonicWALL Analytics is a high-performance management and reporting engine for networks from SonicWALL in the United States. SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a proof of concept (PoC) have been made public, and malicious use of this vulnerability has not been reported to SonicWall",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014196"
      },
      {
        "db": "VULHUB",
        "id": "VHN-410504"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22280"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22280",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014196",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2292",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072214",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-410504",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22280",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410504"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014196"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22280"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2292"
      }
    ]
  },
  "id": "VAR-202207-1703",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410504"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:36:50.768000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SonicWALL Analytics On-Prem SQL Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=203756"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2292"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.1
      },
      {
        "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014196"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22280"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0007"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22280"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072214"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-22280/"
      },
      {
        "trust": 0.1,
        "url": "https://www.sonicwall.com/support/notices/security-notice-sonicwall-gms-sql-injection-vulnerability/220613083124303/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410504"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014196"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22280"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2292"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-410504"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014196"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22280"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2292"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-410504"
      },
      {
        "date": "2023-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-014196"
      },
      {
        "date": "2022-07-29T21:15:09.470000",
        "db": "NVD",
        "id": "CVE-2022-22280"
      },
      {
        "date": "2022-07-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-2292"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-410504"
      },
      {
        "date": "2023-09-14T08:14:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-014196"
      },
      {
        "date": "2022-08-08T16:49:55.723000",
        "db": "NVD",
        "id": "CVE-2022-22280"
      },
      {
        "date": "2022-08-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-2292"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2292"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SonicWALL\u00a0 of \u00a0Analytics\u00a0 and \u00a0Global\u00a0Management\u00a0System\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-014196"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2292"
      }
    ],
    "trust": 0.6
  }
}

GHSA-R8QM-CXJJ-8WPG

Vulnerability from github – Published: 2022-07-30 00:00 – Updated: 2022-08-09 00:00

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-22280"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-29T21:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.",
  "id": "GHSA-r8qm-cxjj-8wpg",
  "modified": "2022-08-09T00:00:23Z",
  "published": "2022-07-30T00:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22280"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-22280 (GCVE-0-2022-22280)

FKIE_CVE-2022-22280

CERTFR-2022-AVI-672

Solution

CERTFR-2022-AVI-672

Solution

GSD-2022-22280

VAR-202207-1703

GHSA-R8QM-CXJJ-8WPG

Tags

Sightings

Nomenclature