Resolved Post-auth SQLi in Capsule8 Console (CVE-2022-0366)

High
CVE: CVE-2022-0366
Updated:
Product: Capsule8 Console
Article ID: sophos-sa-20220201-cap8-console-sqli
Article Version: 1
Publication Date:
Workaround: No

Overview

A post-auth SQL injection vulnerability in the Capsule8 Console was discovered by Sophos during internal security testing. The vulnerability has been fixed.

The remediation prevents a previously authorized agent from gaining administrative access on the Console.

Applies to the following Sophos product(s) and version(s)

  • Capsule8 Console versions 4.6.0 through 4.9.1 inclusive

Remediation

  • Fix included in Capsule8 Console 4.10.0 on February 1, 2022

  • Users of older versions of Capsule8 Console are required to upgrade to receive this fix

  • Sophos always recommends that Capsule8 customers upgrade to the latest available release at their earliest opportunity