CVE-2022-41892 — HIGH (8.6)

Q: How severe is CVE-2022-41892?

CVE-2022-41892 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-41892?

Check the references section above for vendor advisories and patch information. Affected products include: Archesproject Arches.

Vulnerability Description

Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Archesproject	Arches	<= 6.1.1

Related Weaknesses (CWE)

CWE-89

References

https://github.com/archesproject/arches/security/advisories/GHSA-gmpq-xrxj-xh8mPatchThird Party Advisory
https://github.com/archesproject/arches/security/advisories/GHSA-gmpq-xrxj-xh8mPatchThird Party Advisory

FAQ

What is CVE-2022-41892?

CVE-2022-41892 is a vulnerability with a CVSS score of 8.6 (HIGH). Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's po...

How severe is CVE-2022-41892?

CVE-2022-41892 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-41892?

Check the references section above for vendor advisories and patch information. Affected products include: Archesproject Arches.