Jim Trater

**Name of the Vulnerable Software and Affected Versions** CFEngine Enterprise versions 3.6.0 through 3.18.5 CFEngine Enterprise versions 3.21.0 through 3.21.2 **Description** The issue is a SQL Injection vulnerability in the Mission Portal login page of the CFEngine hub. This vulnerability allows for SQL Injection attacks. **Recommendations** For CFEngine Enterprise versions 3.6.0 through 3.18.5, update to version 3.18.6. For CFEngine Enterprise versions 3.21.0 through 3.21.2, update to version 3.21.3. As a temporary workaround, consider restricting access to the Mission Portal login page until a patch is applied.