CVE-2022-4259

Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
nozominetworkscmc
𝑥
< 22.5.2
nozominetworksguardian
𝑥
< 22.5.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
nozominetworkscmc
𝑥
< 22.5.2
ADP
nozominetworksguardian
𝑥
< 22.5.2
ADP
Common Weakness Enumeration
References
https://security.nozominetworks.com/NN-2023:1-01
https://security.nozominetworks.com/NN-2023:1-01