SQL Injection Vulnerability in Nozomi Networks Guardian and CMC Allows Arbitrary SQL Query Execution

SQL Injection Vulnerability in Nozomi Networks Guardian and CMC Allows Arbitrary SQL Query Execution

CVE-2022-4259 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.