GN-SA-2021-001: Genian NAC - SQL Injection Vulnerability
Date
- Aug 9, 2021
Severity
- High
Summary
Genians has released updates to the Policy Server that address a security vulnerability in SQL query escape processing.
A vulnerability exists whereby an attacker may utilize a SQL Injection attack on system databases. This leaves the database vulnerable to the attacker who may then view, modify, add or delete data within a database. Retrieving data for malicious use or creating admin accounts are two examples of many scenarios that could occur if the vulnerability is left unpatched.
Affected Products
- Genian NAC v5.0.41 or earlier
- Genian NAC v4.0.144 or earlier
Affected Components
- Policy Server
Resolution
The vulnerabilities contained in this advisory can be addressed by upgrading to one of the Policy Server versions listed below:
- Genian NAC v5.0.42 (LTS)
- Genian NAC v4.0.145
Workaround
- None