PT-2022-14080 · Metasonic · Metasonic Doc Webclient

Joshua Martinelle · Published 2022-05-16 · Updated 2022-05-25 · CVE-2022-1731

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Metasonic Doc WebClient versions 7.0.3.0 through 7.0.14.0

Description
The issue is a SQL injection in the username field. For the vulnerability to exist, either SSO or System authentication must be enabled.

Recommendations
For Metasonic Doc WebClient versions 7.0.3.0 through 7.0.14.0, consider disabling the username field in the authentication process until a patch is available. Restrict access to the system when SSO or System authentication is enabled to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2022-1731

Affected Products

Metasonic Doc Webclient