Security Updates on Vulnerabilities

CVE-2022-47523: Authenticated SQL Injection Vulnerability

CVE ID: CVE-2022-47523
Severity: High
Update Released Build: 10.1.2228.19
Update Released Date: January 07, 2023

 

What was the problem?

An authenticated SQL injection vulnerability in Endpoint Central MSP (CVE-2022-47523) was identified which may allow an adversary to execute custom queries and access the database table entries. This has now been fixed by enhancing validation and escaping special characters.

How do I fix it?

Upgrading to the latest version is strongly advised due to this vulnerability's severity. To upgrade, follow the steps below:

  1. Login to your Endpoint Central MSP console, click on your current build number on the top right corner.
  2. You'll be able to find the latest build applicable to you. Download the PPM and update.

Credits

nextheia.com via ManageEngine's Bug Bounty program.

Help

For any further queries on this, please reach out to Endpoint Central MSP support at msp-endpointcentral-support@manageengine.com.

 

Remote Desktop & Mobile Device Management Software for MSPs trusted by