SQL Injection Vulnerability in IceWarp WebClient DC2 by IceWarp
CVE-2022-35115

9.8CRITICAL

Key Information:

Vendor

Icewarp

Status
Webclient Dc2
Vendor
CVE Published:
23 August 2022

What is CVE-2022-35115?

The IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) features a SQL injection vulnerability that can be exploited through the search parameter within the webmail server. This could potentially allow unauthorized access to sensitive database information, posing a significant risk to users' data security. Organizations using this product should implement necessary security measures and consider upgrading to a patched version to mitigate the risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://support.icewarp.com/hc/en-us/community/posts/4419...
x_refsource_MISC
https://veysel-xan.com/CVE-2022-35115.txt
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.