
CVE-2022-35947 : Vulnerability Insights and Analysis

Learn about CVE-2022-35947, a critical SQL injection vulnerability in GLPI IT Management Software. Find out the impact, affected versions, and steps for mitigation.

This article provides details about CVE-2022-35947, a SQL injection vulnerability found in GLPI, a Free Asset and IT Management Software.

Understanding CVE-2022-35947

GLPI, which stands for Gestionnaire Libre de Parc Informatique, has been discovered to be vulnerable to a SQL injection attack.

What is CVE-2022-35947?

GLPI is IT management software that offers ITIL service desk features, license tracking, and software auditing. The identified vulnerability allows an attacker to perform SQL injection and, through it, to simulate a login as an arbitrary user.

The Impact of CVE-2022-35947

The vulnerability has a CVSSv3.1 base score of 10, categorizing it as critical. It has a high impact on confidentiality, integrity, and availability. The attack complexity is low, and no privileges are required for exploitation.

Technical Details of CVE-2022-35947

Detailed technical information about the vulnerability is outlined below:

Vulnerability Description

The vulnerability in GLPI versions >= 9.1 and < 10.0.3 allows attackers to perform SQL injection, posing a significant security risk.

Affected Systems and Versions

GLPI versions affected by CVE-2022-35947 range from >= 9.1 to < 10.0.3. Users with these versions are at risk of exploitation.

Exploitation Mechanism

The vulnerability is exploitable over the network with no user interaction required. The CVSS scope is Changed, and the impact on confidentiality, integrity, and availability is rated high.

Mitigation and Prevention

To address CVE-2022-35947, it is crucial to take immediate action and implement long-term security measures.

Immediate Steps to Take

Users are strongly advised to upgrade GLPI to version 10.0.3 promptly. Users who cannot upgrade yet should disable the 'Enable login with external token' API configuration as an interim workaround.
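As an added example, not code from this page or from the GLPI project: a small Python triage script that applies the affected range stated above (>= 9.1 and < 10.0.3) and the interim workaround to an inventory of GLPI instances. The CSV layout, the hostnames and the `external_token_login` column are assumptions made for the example.

```python
import re
from typing import List, Tuple

# Affected range as stated in the advisory: >= 9.1 and < 10.0.3
AFFECTED_FROM = (9, 1)
FIXED_IN = (10, 0, 3)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '10.0.2' into a comparable tuple of ints.
    Any suffix after the numeric part (e.g. '-rc1') is dropped."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised GLPI version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: str) -> bool:
    """True when the version falls inside the CVE-2022-35947 range."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def triage(inventory: str) -> List[Tuple[str, str, str]]:
    """Walk a 'host,version,external_token_login' CSV (assumed layout)
    and return the action for each host: 'upgrade' when affected and the
    external token login is still enabled, 'upgrade (workaround active)'
    when affected but that login is disabled, else 'ok'."""
    results = []
    for line in inventory.strip().splitlines()[1:]:  # skip header row
        host, version, token_login = (f.strip() for f in line.split(","))
        if not is_affected(version):
            action = "ok"
        elif token_login.lower() == "enabled":
            action = "upgrade"
        else:
            action = "upgrade (workaround active)"
        results.append((host, version, action))
    return results


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = """host,version,external_token_login
glpi-prod,10.0.2,enabled
glpi-stage,10.0.3,enabled
glpi-old,9.5.7,disabled
glpi-legacy,9.0.5,enabled
"""

if __name__ == "__main__":
    for host, version, action in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {version:8} {action}")
```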

Long-Term Security Practices

In addition to immediate steps, users should follow best security practices, including regular security audits, monitoring, and access control.

Patching and Updates

Regularly check for security patches and updates from GLPI to ensure that the software is up-to-date and protected against known vulnerabilities.
