Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-31197 |
CWE-ID | CWE-89 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Red Hat Enterprise Linux for ARM 64 Operating systems & Components / Operating system Red Hat Enterprise Linux for Power, little endian Operating systems & Components / Operating system Red Hat Enterprise Linux for IBM z Systems Operating systems & Components / Operating system Red Hat Enterprise Linux for x86_64 Operating systems & Components / Operating system postgresql-jdbc (Red Hat package) Operating systems & Components / Operating system package or component |
Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU66747
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-31197
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data within the java.sql.ResultRow.refreshRow() method when processing column names. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database using the statement terminator, e.g." ;
".
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for ARM 64: 9
Red Hat Enterprise Linux for Power, little endian: 9
Red Hat Enterprise Linux for IBM z Systems: 9
Red Hat Enterprise Linux for x86_64: 9
postgresql-jdbc (Red Hat package): before 42.2.18-6.el9_1
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2023:0318
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?