SonicWall patches a critical SQL injection (SQLi) vulnerability affecting its Analytics & Global Management System....

Continue reading
On Friday, network security provider SonicWall released patches to prevent a serious SQL injection (SQLi) flaw impacting its Analytics On-Prem and Global Management System (GMS) products.
The CVE-2022-22280 vulnerability has a CVSS severity system of 9.4 and stems from what the company describes as "incorrect neutralization of special elements" in a SQL command, which could lead to an unauthenticated SQL injection.
If the resulting SQL query does not sufficiently remove or quote SQL syntax from user-controllable inputs, MITRE states in its definition of SQL injection that certain inputs may be read as SQL instead than ordinary user data.
This can be used to change query logic to circumvent security checks or to include extra statements that impact the back-end database, perhaps including the execution of system instructions.
H4lo and Catalpa of DBappSecurity HAT Lab are credited with identifying and reporting the vulnerabilities affecting Analytics On-Prem versions 2.5.0.3-2520 and earlier and GMS versions previous to and including 9.3.1-SP2-Hotfix1.
Organizations utilizing susceptible appliances should upgrade to Analytics 2.5.0.3-2520-Hotfix1 and GMS 9.3.1-SP2-Service Pack 2 (SP2).
SonicWall stated that there is no workaround available for this vulnerability. Incorporating a Web Application Firewall (WAF) to block SQLi attempts, however, can dramatically minimize the chance of exploitation.

Splunk disclosed CVE-2026-20253, a critical pre-auth RCE flaw in Splunk Enterprise (CVSS 9.8) from insecure MongoDB defaults. Patches released; upgrade to 9.1.8, 9.2.5, or 9.3.2.