CVE-2022-45165

Name of the Vulnerable Software and Affected Versions Archibus Web Central version 2022.03.01.107

Description The issue is related to a service exposed by the application that accepts a user-controlled parameter used to create an SQL query, making it prone to SQL injection. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For Archibus Web Central version 2022.03.01.107, consider restricting access to the vulnerable service to minimize the risk of exploitation. As a temporary workaround, avoid using user-controlled parameters in SQL queries until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.