CVE-2022-47523: Authenticated SQL Injection Vulnerability

This document explains the details of the reported vulnerability.

CVE ID: CVE-2022-47523

Severity: High

Update Released Build: 10.1.2228.19

Update Released Date: 07/01/2023

What was the problem?

An authenticated SQL injection vulnerability in Vulnerability Manager Plus (CVE-2022-47523) was identified which may allow an adversary to execute custom queries and access the database table entries. This has now been fixed by enhancing validation and escaping special characters.

How do I fix it?

Upgrading to the latest version is strongly advised due to this vulnerability's severity. To upgrade, follow the steps below:

Login to your Vulnerability Manager Plus console, click on your current build number on the top right corner.
You'll be able to find the latest build applicable to you. Download the PPM and update.

Note: In case of any queries, kindly write to our support team at vulnerabilitymanagerplus-support@manageengine.com

Security updates on vulnerabilities

CVE-2022-47523: Authenticated SQL Injection Vulnerability

What was the problem?

How do I fix it?