Vulnerability Description
In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Archibus | Web Central | < 26.2 |
Related Weaknesses (CWE)
References
- https://www.gruppotim.it/it/footer/red-team.html (Third Party Advisory)
- https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html (Third Party Advisory)
FAQ
What is CVE-2022-28862?
CVE-2022-28862 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential att...
How severe is CVE-2022-28862?
CVE-2022-28862 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-28862?
Check the references section above for vendor advisories and patch information. Affected products include: Archibus Web Central.