GN-SA-2021-001: Genian NAC - SQL Injection Vulnerability

Date

  • Aug 9, 2021

Severity

  • High

Summary

Genians has released updates to the Policy Server that address a security vulnerability in SQL query escape processing.

An attacker may be able to carry out a SQL injection attack against system databases and then view, modify, add or delete data within a database. Retrieving data for malicious use or creating admin accounts are two examples of many scenarios that could occur if the vulnerability is left unpatched.

Affected Products

  • Genian NAC v5.0.41 or earlier
  • Genian NAC v4.0.144 or earlier

Affected Components

  • Policy Server

Resolution

The vulnerability described in this advisory can be addressed by upgrading to the Policy Server version listed below:

Workaround

  • None