You are here
Cyrus SASL - SQL Injection (CVE-2022-24407)
Submitted on 29. July 2022 - 15:47 by rischi.
Last update on 29. July 2022 - 16:35.
Last update on 29. July 2022 - 16:35.
IDs:
CVE-2022-24407
Keywords:
sasl, cyrus
Description:
CVE-2022-24407 is an SQL Injection vulnerability in the SQL plugin shipped with Cyrus SASL [1]. Cyrus SASL is an implementation of the Simple Authentication and Security Layer (SASL) specification.
Cyrus SASL is installed on Airlock Gateway due to mandatory OS dependencies.
No actions required for Airlock Gateway
Details:
The vulnerable library is not used by any exposed service on Airlock Gateway and can therefore not be exploited.
Component:
Airlock
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
Does not affect back-end behind Airlock
Reference: