In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
History
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
References | | |
07 Nov 2022, 17:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* | |
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221007-0003/ - Third Party Advisory | |
First Time | Oracle communications Cloud Native Core Security Edge Protection Proxy, Oracle communications Cloud Native Core Network Function Cloud Native Environment, Netapp active Iq Unified Manager, Oracle communications Cloud Native Core Console, Netapp, Oracle, Netapp ontap Select Deploy Administration Utility |
07 Oct 2022, 14:16
Type | Values Removed | Values Added |
---|---|---|
References | |
25 Jul 2022, 18:21
Type | Values Removed | Values Added |
---|---|---|
References | |
25 Apr 2022, 16:48
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/ - Issue Tracking, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/ - Issue Tracking, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/ - Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* | |
First Time | Fedoraproject fedora, Fedoraproject |
26 Mar 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References | |
10 Mar 2022, 17:46
Type | Values Removed | Values Added |
---|---|---|
References | |
06 Mar 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References | |
03 Mar 2022, 19:08
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 6.5, v3 : 8.8 |
CWE | CWE-89 | |
CPE | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:a:cyrusimap:cyrus-sasl:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/02/23/4 - Mailing List, Patch, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5087 - Third Party Advisory | |
References | (MISC) https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28 - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst - Release Notes, Third Party Advisory | |
First Time | Debian debian Linux, Debian, Cyrusimap cyrus-sasl, Cyrusimap |
02 Mar 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | |
24 Feb 2022, 16:02
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-24 15:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-24407
Mitre link : CVE-2022-24407
CVE.ORG link : CVE-2022-24407
Products Affected
debian
- debian_linux
fedoraproject
- fedora
netapp
- active_iq_unified_manager
- ontap_select_deploy_administration_utility
oracle
- communications_cloud_native_core_security_edge_protection_proxy
- communications_cloud_native_core_network_function_cloud_native_environment
- communications_cloud_native_core_console
cyrusimap
- cyrus-sasl
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')