Vulnerability Description
This SecureGate vulnerability is an SQL injection that allows login without a password. A path traversal vulnerability was also identified in file transfer. An attacker can exploit these vulnerabilities to carry out attacks such as obtaining privileges and executing remote code, thereby taking over the victim's system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hanssak | Securegate | 3.5 |
| Hanssak | Weblink | >= 3.5.2, <= 3.5.5 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66926 (Third Party Advisory)
FAQ
What is CVE-2022-23767?
CVE-2022-23767 is a vulnerability with a CVSS score of 8.8 (HIGH). This SecureGate vulnerability is an SQL injection that allows login without a password. A path traversal vulnerability was also identified in file transfer. An attacker can take advantage of these vulnerab...
How severe is CVE-2022-23767?
CVE-2022-23767 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-23767?
Check the references section above for vendor advisories and patch information. Affected products include: Hanssak Securegate, Hanssak Weblink, Microsoft Windows.