High
Resolved Post-auth SQLi in Capsule8 Console (CVE-2022-0366)
CVE(s)
CVE-2022-0366
Product(s)
Capsule8 Console
Updated
2022 Feb 1
Article Version
1
Published
2022 Feb 1
Publication ID
sophos-sa-20220201-cap8-console-sqli
Workaround
No
Overview
A post-auth SQL injection vulnerability in the Capsule8 Console was discovered by Sophos during internal security testing. The vulnerability has been fixed.
The remediation prevents a previously authorized agent from gaining administrative access on the Console.
Applies to the following Sophos product(s) and version(s)
Capsule8 Console versions 4.6.0 through 4.9.1 inclusive
Remediation
Fix included in Capsule8 Console 4.10.0 on February 1, 2022
Users of older versions of Capsule8 Console are required to upgrade to receive this fix
Sophos always recommends that Capsule8 customers upgrade to the latest available release at their earliest opportunity
Related information
Sophos Responsible Disclosure Policy
To learn about Sophos security vulnerability disclosure policies and publications, see the Responsible Disclosure Policy.