GN-SA-2021-001: Genian NAC - SQL Injection Vulnerability
========================================================

Date
----
- Aug 9, 2021

Severity
--------
- High

Summary
-------

Genians has released updates to the Policy Server that address a security vulnerability in SQL query escape processing.

An attacker may use a SQL injection attack against system databases and may then view, modify, add or delete data within a database. Retrieving data for malicious use and creating admin accounts are two examples of the many scenarios that could occur if the vulnerability is left unpatched.

Affected Products
-----------------
- Genian NAC v5.0.41 or earlier
- Genian NAC v4.0.144 or earlier

Affected Components
-------------------
- Policy Server

Resolution
----------
The vulnerability described in this advisory can be addressed by upgrading the Policy Server to one of the versions listed below:

- `Genian NAC v5.0.42 (LTS)`_
- Genian NAC v4.0.145

.. _Genian NAC v5.0.42 (LTS): ../releasenotes/genian-nac-5.0.42.html
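
To triage an inventory against the affected and fixed versions listed above, the following Python script is an added example, not Genians code. It assumes version strings of the form major.minor.patch and evaluates the 4.0 and 5.0 branches separately; any other branch is reported as unlisted, and the hostnames in the sample are constructed.

```python
import re

# First fixed patch level per branch, from the advisory's Resolution section.
FIXED = {(5, 0): 42, (4, 0): 145}

# Accepts "v5.0.41", "5.0.42 (LTS)", "4.0.144.1234"; rejects "5.0.41a".
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)\b", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch) as integers from a version string."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def classify(text):
    """Classify one Policy Server version against GN-SA-2021-001.

    Returns 'affected', 'fixed', or 'unlisted' (branch not named in the
    advisory, so this script draws no conclusion about it).
    """
    major, minor, patch = parse_version(text)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unlisted"
    # Integer comparison: 5.0.9 is older than 5.0.42, unlike a string compare.
    return "affected" if patch < fixed_patch else "fixed"


def triage(inventory):
    """Map {host: version string} to {host: status}; bad input is 'unparsed'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "unparsed"
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are illustrative only.
    sample = {"nac-hq": "v5.0.41", "nac-dr": "5.0.42 (LTS)", "nac-lab": "4.0.144"}
    for host, status in sorted(triage(sample).items()):
        print(f"{host}: {status}")
```

Hosts reported as ``unlisted`` or ``unparsed`` need manual review rather than being assumed safe.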

Workaround
----------
- None