GN-SA-2021-001: Genian NAC - SQL Injection Vulnerability


  • Aug 9, 2021


  • High


Geinans has released updates to the Policy Server that address a security vulnerability in SQL query escape processing.

A vulnerability exists whereby an attacker may utilize a SQL Injection attack on system databases. This leaves the database vulnerable to the attacker who may then view, modify, add or delete data within a database. Retrieving data for malicious use or creating admin accounts are two examples of many scenarios that could occur if the vulnerability is left unpatched.

Affected Products

  • Genian NAC v5.0.41 or less
  • Genian NAC v4.0.144 or less

Affected Components

  • Policy Server


The vulnerabilities contained in this advisory can be addressed by upgrading to Policy Server version listed below:


  • None