SQL Injection Vulnerabilities in HPE IceWall SSO from HPE
CVE-2022-28623

9.8 CRITICAL

Key Information:

Vendor: HP
CVE Published: 8 July 2022

Summary

HPE IceWall SSO 10.0 certd is vulnerable to SQL injection and unauthorized data injection. Attackers can exploit these vulnerabilities remotely, potentially compromising sensitive data and system integrity. HPE has released patch updates to mitigate these risks, including Patch 9 for RHEL and HP-UX systems. Users should apply these patches promptly to secure their installations.

Affected Version(s)

HPE IceWall SSO: Prior to HPE IceWall SSO certd 10.0 (RHEL and HP-UX)

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
