GZ-SA-2024-001: Genian ZTNA - Blind SQL Injection Vulnerability

Date

April 26, 2024

CVSS score

2.2

Influence

low

Details

We have discovered a problem that could lead to Blind SQL Injection attacks due to insufficient validation of input values for search conditions when searching for nodes in the Genie NAC management console. We have taken action and announced a security update to enhance product security.

Users using this version are recommended to update to the latest version.

Genian ZTNA SQL Injection (CVE-2024-23843)

Influence version

Genian ZTNA 6.0.20 and below
Genian ZTNA 6.0.16 LTS (Revision 125554 or earlier)

How to solve

The vulnerabilities included in this advisory can be addressed by updating to the versions below.

Genian ZTNA 6.0.21 or later
Genian ZTNA 6.0.16 LTS (Revision 12555 or later)

Temporary measures

doesn't exist