On-Premise cnMaestro Vulnerability: Pre-Auth SQL Data Exfiltration

CVE-2022-1361 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.